~/f/scap-security-guide/RPMS.2017 ~/f/scap-security-guide
~/f/scap-security-guide
RPMS.2017/scap-security-guide-0.1.62-0.0.noarch.rpm RPMS/scap-security-guide-0.1.62-0.0.noarch.rpm differ: byte 225, line 1
Comparing scap-security-guide-0.1.62-0.0.noarch.rpm to scap-security-guide-0.1.62-0.0.noarch.rpm
comparing the rpm tags of scap-security-guide
--- old-rpm-tags
+++ new-rpm-tags
@@ -191,4 +191,4 @@
-/usr/share/doc/scap-security-guide/guides/ssg-sle12-guide-cis.html 23419275ccbd79da432753a3728f64c87160cbe11926e3cb764d009653e7b918 2
-/usr/share/doc/scap-security-guide/guides/ssg-sle12-guide-cis_server_l1.html 5f7a423a88f6ae317c8b2f886e43b2f3c0e0fb126bb798dbe1735f4fc700c49c 2
-/usr/share/doc/scap-security-guide/guides/ssg-sle12-guide-cis_workstation_l1.html 407704b9494345469ab620c9028cedb17b2433538d574e2ac33b1e61b82183bd 2
-/usr/share/doc/scap-security-guide/guides/ssg-sle12-guide-cis_workstation_l2.html 24c74a090eabecf17c0c2e3f92a1442c640a230811f7f7deba62e27cd0ee4b04 2
+/usr/share/doc/scap-security-guide/guides/ssg-sle12-guide-cis.html 6f06da30a8e9caf0a02ce351d32005e20d5653c2bff869645c296197e3362c3a 2
+/usr/share/doc/scap-security-guide/guides/ssg-sle12-guide-cis_server_l1.html 6921cdd4e4960b2738918330f0d6f85916fd6a83ca4a31ff32c0f87171031b8e 2
+/usr/share/doc/scap-security-guide/guides/ssg-sle12-guide-cis_workstation_l1.html edb8209654977cf83f532de079a5579c9e5d65ad67f9da787a8a52fa158b07c4 2
+/usr/share/doc/scap-security-guide/guides/ssg-sle12-guide-cis_workstation_l2.html ee9eb8f58b51d1f7f04272d761233e88be43f11858bf7104e5024e88478207f5 2
@@ -197,7 +197,7 @@
-/usr/share/doc/scap-security-guide/guides/ssg-sle12-guide-stig.html 4524e12092930ee9b7a8d29901108fea1e2d774f4569e3782d710da957555c05 2
-/usr/share/doc/scap-security-guide/guides/ssg-sle15-guide-anssi_bp28_minmal.html 14e528c62f7a6c69e85b11978b4b58d14f928bfd4053e06cafc7584b6bcd592d 2
-/usr/share/doc/scap-security-guide/guides/ssg-sle15-guide-cis.html 1ed16b9d855b0ca115003285e8724a48fc8595cb6ee5328332da3d4df8b2832b 2
-/usr/share/doc/scap-security-guide/guides/ssg-sle15-guide-cis_server_l1.html f373e4bc2bdd0fbb88209ff9a5a9e20436fc702d1177f4918462e95726bc7bb9 2
-/usr/share/doc/scap-security-guide/guides/ssg-sle15-guide-cis_workstation_l1.html 5ea2ddf070b182422460445ed030f76de0272710dbda43498c250cf2e338e8e7 2
-/usr/share/doc/scap-security-guide/guides/ssg-sle15-guide-cis_workstation_l2.html 016c0766cdf85fefcc939247ec1a2b6226039617ef91fe0b44075df504f6e9f9 2
-/usr/share/doc/scap-security-guide/guides/ssg-sle15-guide-hipaa.html f9534b0c4e1780febdba6211737d26c1ccf50ebcacc2b5e4f06dcb3b1ba7de52 2
+/usr/share/doc/scap-security-guide/guides/ssg-sle12-guide-stig.html 507cf34e91323b50ff80ebdc98fc280c13c5ba2a107b2fee9c017fd1fe71519e 2
+/usr/share/doc/scap-security-guide/guides/ssg-sle15-guide-anssi_bp28_minmal.html c9386ef710d84adb6c9b6d2b8953c37864faaec9c75245c821c1f1e1135e5775 2
+/usr/share/doc/scap-security-guide/guides/ssg-sle15-guide-cis.html b0b80318717ab4a75a33decdc4b94dcf5f9daff5f810e1c187d3dda9274efd00 2
+/usr/share/doc/scap-security-guide/guides/ssg-sle15-guide-cis_server_l1.html ae3c56c649894eecef4918681fd5878075a6374fd954caa10fa58368e854a1ab 2
+/usr/share/doc/scap-security-guide/guides/ssg-sle15-guide-cis_workstation_l1.html d794bf1f254b5fd89aeed2bf6180c80d28ca4fe4134aa5d53ac19611f612b086 2
+/usr/share/doc/scap-security-guide/guides/ssg-sle15-guide-cis_workstation_l2.html e5def4cd542af7508c746317463088261e69d620ba2fa3d76491efa4f2e9f0fe 2
+/usr/share/doc/scap-security-guide/guides/ssg-sle15-guide-hipaa.html e3a48590655c29c9b6eb9be52a598120e79a2d63e9cad38be353faf2900dc228 2
@@ -205,3 +205,3 @@
-/usr/share/doc/scap-security-guide/guides/ssg-sle15-guide-pci-dss.html e0e06ab043551dfe4de0f38618462d627550be9512490f23ca389c2a1a95532a 2
-/usr/share/doc/scap-security-guide/guides/ssg-sle15-guide-standard.html 22f30bf084bb5d1cd2a51d8d6dad3d5de914510bf588ce295de3bd2114c59044 2
-/usr/share/doc/scap-security-guide/guides/ssg-sle15-guide-stig.html 0ed43f31930c4d4432853797261405b52ce4d1b75ede3fcd2da22ed526ae259c 2
+/usr/share/doc/scap-security-guide/guides/ssg-sle15-guide-pci-dss.html 5f4e186ba0795f828a65327f901856f6b0288ffee2e2f0e1c81912ef0f8db4f8 2
+/usr/share/doc/scap-security-guide/guides/ssg-sle15-guide-standard.html d7baf48cf5ffa61e1a42022440d38584b0ecb9b4a60af90f4c03a8edcee38e53 2
+/usr/share/doc/scap-security-guide/guides/ssg-sle15-guide-stig.html dd613e1cebc72f4ba9060f396244f2017d2e22ae63a98fb8ee712e1271bbc0f4 2
@@ -259,3 +259,3 @@
-/usr/share/xml/scap/ssg/content/ssg-opensuse-ds-1.2.xml fdd0968b10e8e5b89a739bd2faa0c68ae7a2cc2e22ed87dcefcdc6b0797eec22 0
-/usr/share/xml/scap/ssg/content/ssg-opensuse-ds.xml 312806a948e3bbe253d474719c010ce97cc5dee471414782099480252b3c8a53 0
-/usr/share/xml/scap/ssg/content/ssg-opensuse-ocil.xml 8d5cad78524b66b2750dd03ac058a864f69a458e0d21981f7107580db31e0b4d 0
+/usr/share/xml/scap/ssg/content/ssg-opensuse-ds-1.2.xml 411d5f19f701f4c757f3d6ce0124dd0ecfd88d69d72dd9574960dcacf7263357 0
+/usr/share/xml/scap/ssg/content/ssg-opensuse-ds.xml 427932554997a45550e178adbf549e69332976e8f119e8e22d5c8de1a68e658b 0
+/usr/share/xml/scap/ssg/content/ssg-opensuse-ocil.xml 14c4ffa931b88074d75f28412e1f130686473d99848132daf3f434c52a9b0c2f 0
@@ -263 +263 @@
-/usr/share/xml/scap/ssg/content/ssg-opensuse-xccdf.xml 0a0f5b5e8c95dfbcc290a8d8102d6401ead3f06857ad1cc3f86195f9f9cb4923 0
+/usr/share/xml/scap/ssg/content/ssg-opensuse-xccdf.xml 915862667e048a5423b3c8dd6434f2508895b9c36b878f4c2f7cbcae517b2b18 0
@@ -266,3 +266,3 @@
-/usr/share/xml/scap/ssg/content/ssg-sle12-ds-1.2.xml 0aa9d52b4d79ff22163e98c2c5d5d37e603d127c0557b37040c5e8db754c9919 0
-/usr/share/xml/scap/ssg/content/ssg-sle12-ds.xml 5f88ae1d25b43a324b2082c672face1228f1eb2ab257e4421f800655ea0701b6 0
-/usr/share/xml/scap/ssg/content/ssg-sle12-ocil.xml 45112817d51d100b5c76220877292b3c5294f42d10b1dc72990c4b048e5ddd85 0
+/usr/share/xml/scap/ssg/content/ssg-sle12-ds-1.2.xml 8e30a594b50f610df7c03f6b027b2b30199fcc2bca26165e30e585b4a090e1c8 0
+/usr/share/xml/scap/ssg/content/ssg-sle12-ds.xml 5029ed9c5cc909d7abdd85f834aeed5f83e21f2e2dcde2e9c742faadd60271a6 0
+/usr/share/xml/scap/ssg/content/ssg-sle12-ocil.xml 99e0e39c305655029eb01e85d2854ca65b7fd72d9aaf591f0dbbcc8b11e1dd16 0
@@ -270 +270 @@
-/usr/share/xml/scap/ssg/content/ssg-sle12-xccdf.xml 76b35c1d03a783f40712c98b62bcafee3d26f7cd62d20a523efbf70f243ee54a 0
+/usr/share/xml/scap/ssg/content/ssg-sle12-xccdf.xml fc5065b85a5a9ededfe1f10c8c031646265747a7b4e0b30ed243310f4c8706c4 0
@@ -273,3 +273,3 @@
-/usr/share/xml/scap/ssg/content/ssg-sle15-ds-1.2.xml 49018beb1b2b8863f4bd22c6b913c5d0bfebbbbc6acb006d94d6a65dc3955052 0
-/usr/share/xml/scap/ssg/content/ssg-sle15-ds.xml c7b37c78f540aee332244b67f4b1ba810bf47834cef67b87f4e33a266cd843ae 0
-/usr/share/xml/scap/ssg/content/ssg-sle15-ocil.xml 42618f51f862c1d3107534fa10c35df2ca6735b68beedd2e08213c30a7bee46f 0
+/usr/share/xml/scap/ssg/content/ssg-sle15-ds-1.2.xml e285e9a29bdffbf4577672eca33c5856c1a2c9ce33934ad24ac704669f639387 0
+/usr/share/xml/scap/ssg/content/ssg-sle15-ds.xml e15a88d7db081adb8ddda26fc384edca2afbdf3c512bbe670634748096deb235 0
+/usr/share/xml/scap/ssg/content/ssg-sle15-ocil.xml ff14587056b9edb15247a099a03440255149f1d29af6ff4eb25f906f1b89ee92 0
@@ -277 +277 @@
-/usr/share/xml/scap/ssg/content/ssg-sle15-xccdf.xml 069aca48020c60ae925e3cdc9ba6ab0368dd915278e9ed8f89605f1e9daa6290 0
+/usr/share/xml/scap/ssg/content/ssg-sle15-xccdf.xml ba99c1c7a0d1fced437305579385ccfc80144c74ea2d7adda5c5047a77af835d 0
comparing rpmtags
comparing RELEASE
comparing PROVIDES
comparing scripts
comparing filelist
comparing file checksum
creating rename script
RPM file checksum differs.
Extracting packages
/usr/share/doc/scap-security-guide/guides/ssg-sle12-guide-cis.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-sle12-guide-cis.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-sle12-guide-cis.html	2022-07-15 00:00:00.000000000 +0000
@@ -123,17 +123,17 @@
 else
     >&2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id9" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id9"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id10" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id10"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id9" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id9"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id10" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id10"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id11" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id11"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -577,17 +577,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id31" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id31"><pre><code>
-[[packages]]
-name = "sudo"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id32" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id32"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id31" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id31"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
 
 class install_sudo {
   package { 'sudo':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id32" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id32"><pre><code>
+[[packages]]
+name = "sudo"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id33" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id33"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure sudo is installed
   package:
     name: sudo
@@ -34239,17 +34239,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id286" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id286"><pre><code>
-[[packages]]
-name = "audit"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id287" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id287"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_audit
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id286" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id286"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_audit
 
 class install_audit {
   package { 'audit':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id287" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id287"><pre><code>
+[[packages]]
+name = "audit"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id288" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id288"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure audit is installed
   package:
     name: audit
@@ -34298,10 +34298,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id291" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id291"><pre><code>
-[customizations.services]
-enabled = ["auditd"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id292" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id292"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id291" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id291"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
 
 class enable_auditd {
   service {'auditd':
@@ -34309,6 +34306,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id292" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id292"><pre><code>
+[customizations.services]
+enabled = ["auditd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id293" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id293"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
@@ -34667,17 +34667,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id304" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id304"><pre><code>
-[[packages]]
-name = "pam_apparmor"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id305" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id305"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_pam_apparmor
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id304" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id304"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_pam_apparmor
 
 class install_pam_apparmor {
   package { 'pam_apparmor':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id305" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id305"><pre><code>
+[[packages]]
+name = "pam_apparmor"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id306" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id306"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure pam_apparmor is installed
   package:
     name: pam_apparmor
@@ -34971,17 +34971,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id320" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id320"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id321" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id321"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id320" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id320"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id321" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id321"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id322" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id322"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
@@ -35013,10 +35013,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id325" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id325"><pre><code>
-[customizations.services]
-enabled = ["rsyslog"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id326" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id326"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id325" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id325"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
 
 class enable_rsyslog {
   service {'rsyslog':
@@ -35024,6 +35021,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id326" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id326"><pre><code>
+[customizations.services]
+enabled = ["rsyslog"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id327" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id327"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service rsyslog
   block:
 
@@ -35128,10 +35128,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id330" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id330"><pre><code>
-[customizations.services]
-enabled = ["iptables"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id331" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id331"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_iptables
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id330" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id330"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_iptables
 
 class enable_iptables {
   service {'iptables':
@@ -35139,6 +35136,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id331" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id331"><pre><code>
+[customizations.services]
+enabled = ["iptables"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id332" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id332"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service iptables
   block:
 
@@ -35176,17 +35176,17 @@
 masquerading, etc.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_iptables_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
             <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">3.5.1.1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id334" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id334"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 zypper install -y "iptables"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id335" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id335"><pre><code>
-[[packages]]
-name = "iptables"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id336" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id336"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_iptables
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id335" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id335"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_iptables
 
 class install_iptables {
   package { 'iptables':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id336" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id336"><pre><code>
/usr/share/doc/scap-security-guide/guides/ssg-sle12-guide-cis_server_l1.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-sle12-guide-cis_server_l1.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-sle12-guide-cis_server_l1.html	2022-07-15 00:00:00.000000000 +0000
@@ -123,17 +123,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id9" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id9"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id10" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id10"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id9" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id9"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id10" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id10"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id11" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id11"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -529,17 +529,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><pre><code>
-[[packages]]
-name = "sudo"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id27" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id27"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
 
 class install_sudo {
   package { 'sudo':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id27" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id27"><pre><code>
+[[packages]]
+name = "sudo"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id28" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id28"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure sudo is installed
   package:
     name: sudo
@@ -4234,17 +4234,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id134" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id134"><pre><code>
-[[packages]]
-name = "pam_apparmor"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id135" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id135"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_pam_apparmor
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id134" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id134"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_pam_apparmor
 
 class install_pam_apparmor {
   package { 'pam_apparmor':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id135" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id135"><pre><code>
+[[packages]]
+name = "pam_apparmor"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id136" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id136"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure pam_apparmor is installed
   package:
     name: pam_apparmor
@@ -4538,17 +4538,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id150" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id150"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id151" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id151"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id150" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id150"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id151" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id151"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id152" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id152"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
@@ -4580,10 +4580,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id155" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id155"><pre><code>
-[customizations.services]
-enabled = ["rsyslog"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id156" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id156"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id155" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id155"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
 
 class enable_rsyslog {
   service {'rsyslog':
@@ -4591,6 +4588,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id156" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id156"><pre><code>
+[customizations.services]
+enabled = ["rsyslog"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id157" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id157"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service rsyslog
   block:
 
@@ -4695,10 +4695,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id160" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id160"><pre><code>
-[customizations.services]
-enabled = ["iptables"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id161" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id161"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_iptables
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id160" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id160"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_iptables
 
 class enable_iptables {
   service {'iptables':
@@ -4706,6 +4703,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id161" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id161"><pre><code>
+[customizations.services]
+enabled = ["iptables"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id162" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id162"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service iptables
   block:
 
@@ -4743,17 +4743,17 @@
 masquerading, etc.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_iptables_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
             <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">3.5.1.1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id164" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id164"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 zypper install -y "iptables"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id165" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id165"><pre><code>
-[[packages]]
-name = "iptables"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id166" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id166"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_iptables
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id165" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id165"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_iptables
 
 class install_iptables {
   package { 'iptables':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id166" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id166"><pre><code>
+[[packages]]
+name = "iptables"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id167" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id167"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure iptables is installed
   package:
     name: iptables
@@ -8814,10 +8814,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id303" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id303"><pre><code>
-[customizations.services]
-disabled = ["autofs"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id304" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id304"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_autofs
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id303" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id303"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_autofs
 
 class disable_autofs {
   service {'autofs':
@@ -8825,6 +8822,9 @@
     ensure =&gt; 'stopped',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id304" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id304"><pre><code>
+[customizations.services]
+disabled = ["autofs"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id305" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id305"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service autofs
   block:
 
@@ -11290,10 +11290,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id367" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id367"><pre><code>
-[customizations.services]
-disabled = ["avahi-daemon"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id368" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id368"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_avahi-daemon
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id367" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id367"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_avahi-daemon
 
 class disable_avahi-daemon {
   service {'avahi-daemon':
@@ -11301,6 +11298,9 @@
     ensure =&gt; 'stopped',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id368" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id368"><pre><code>
/usr/share/doc/scap-security-guide/guides/ssg-sle12-guide-cis_workstation_l1.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-sle12-guide-cis_workstation_l1.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-sle12-guide-cis_workstation_l1.html	2022-07-15 00:00:00.000000000 +0000
@@ -123,17 +123,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id9" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id9"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id10" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id10"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id9" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id9"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id10" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id10"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id11" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id11"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -529,17 +529,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><pre><code>
-[[packages]]
-name = "sudo"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id27" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id27"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
 
 class install_sudo {
   package { 'sudo':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id27" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id27"><pre><code>
+[[packages]]
+name = "sudo"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id28" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id28"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure sudo is installed
   package:
     name: sudo
@@ -4234,17 +4234,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id134" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id134"><pre><code>
-[[packages]]
-name = "pam_apparmor"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id135" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id135"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_pam_apparmor
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id134" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id134"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_pam_apparmor
 
 class install_pam_apparmor {
   package { 'pam_apparmor':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id135" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id135"><pre><code>
+[[packages]]
+name = "pam_apparmor"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id136" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id136"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure pam_apparmor is installed
   package:
     name: pam_apparmor
@@ -4538,17 +4538,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id150" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id150"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id151" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id151"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id150" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id150"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id151" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id151"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id152" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id152"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
@@ -4580,10 +4580,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id155" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id155"><pre><code>
-[customizations.services]
-enabled = ["rsyslog"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id156" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id156"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id155" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id155"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
 
 class enable_rsyslog {
   service {'rsyslog':
@@ -4591,6 +4588,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id156" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id156"><pre><code>
+[customizations.services]
+enabled = ["rsyslog"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id157" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id157"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service rsyslog
   block:
 
@@ -4695,10 +4695,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id160" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id160"><pre><code>
-[customizations.services]
-enabled = ["iptables"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id161" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id161"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_iptables
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id160" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id160"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_iptables
 
 class enable_iptables {
   service {'iptables':
@@ -4706,6 +4703,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id161" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id161"><pre><code>
+[customizations.services]
+enabled = ["iptables"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id162" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id162"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service iptables
   block:
 
@@ -4743,17 +4743,17 @@
 masquerading, etc.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_iptables_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
             <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">3.5.1.1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id164" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id164"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 zypper install -y "iptables"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id165" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id165"><pre><code>
-[[packages]]
-name = "iptables"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id166" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id166"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_iptables
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id165" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id165"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_iptables
 
 class install_iptables {
   package { 'iptables':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id166" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id166"><pre><code>
+[[packages]]
+name = "iptables"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id167" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id167"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure iptables is installed
   package:
     name: iptables
@@ -11206,10 +11206,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id365" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id365"><pre><code>
-[customizations.services]
-enabled = ["cron"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id366" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id366"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_cron
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id365" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id365"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_cron
 
 class enable_cron {
   service {'cron':
@@ -11217,6 +11214,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id366" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id366"><pre><code>
+[customizations.services]
+enabled = ["cron"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id367" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id367"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service cron
   block:
 
@@ -12272,10 +12272,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id453" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id453"><pre><code>
-[customizations.services]
-disabled = ["rpcbind"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id454" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id454"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_rpcbind
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id453" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id453"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_rpcbind
 
 class disable_rpcbind {
   service {'rpcbind':
@@ -12283,6 +12280,9 @@
     ensure =&gt; 'stopped',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id454" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id454"><pre><code>
/usr/share/doc/scap-security-guide/guides/ssg-sle12-guide-cis_workstation_l2.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-sle12-guide-cis_workstation_l2.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-sle12-guide-cis_workstation_l2.html	2022-07-15 00:00:00.000000000 +0000
@@ -123,17 +123,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id9" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id9"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id10" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id10"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id9" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id9"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id10" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id10"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id11" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id11"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -577,17 +577,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id31" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id31"><pre><code>
-[[packages]]
-name = "sudo"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id32" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id32"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id31" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id31"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
 
 class install_sudo {
   package { 'sudo':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id32" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id32"><pre><code>
+[[packages]]
+name = "sudo"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id33" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id33"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure sudo is installed
   package:
     name: sudo
@@ -34239,17 +34239,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id286" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id286"><pre><code>
-[[packages]]
-name = "audit"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id287" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id287"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_audit
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id286" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id286"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_audit
 
 class install_audit {
   package { 'audit':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id287" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id287"><pre><code>
+[[packages]]
+name = "audit"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id288" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id288"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure audit is installed
   package:
     name: audit
@@ -34298,10 +34298,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id291" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id291"><pre><code>
-[customizations.services]
-enabled = ["auditd"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id292" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id292"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id291" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id291"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
 
 class enable_auditd {
   service {'auditd':
@@ -34309,6 +34306,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id292" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id292"><pre><code>
+[customizations.services]
+enabled = ["auditd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id293" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id293"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
@@ -34667,17 +34667,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id304" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id304"><pre><code>
-[[packages]]
-name = "pam_apparmor"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id305" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id305"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_pam_apparmor
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id304" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id304"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_pam_apparmor
 
 class install_pam_apparmor {
   package { 'pam_apparmor':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id305" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id305"><pre><code>
+[[packages]]
+name = "pam_apparmor"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id306" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id306"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure pam_apparmor is installed
   package:
     name: pam_apparmor
@@ -34971,17 +34971,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id320" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id320"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id321" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id321"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id320" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id320"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id321" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id321"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id322" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id322"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
@@ -35013,10 +35013,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id325" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id325"><pre><code>
-[customizations.services]
-enabled = ["rsyslog"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id326" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id326"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id325" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id325"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
 
 class enable_rsyslog {
   service {'rsyslog':
@@ -35024,6 +35021,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id326" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id326"><pre><code>
+[customizations.services]
+enabled = ["rsyslog"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id327" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id327"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service rsyslog
   block:
 
@@ -35128,10 +35128,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id330" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id330"><pre><code>
-[customizations.services]
-enabled = ["iptables"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id331" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id331"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_iptables
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id330" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id330"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_iptables
 
 class enable_iptables {
   service {'iptables':
@@ -35139,6 +35136,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id331" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id331"><pre><code>
+[customizations.services]
+enabled = ["iptables"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id332" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id332"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service iptables
   block:
 
@@ -35176,17 +35176,17 @@
 masquerading, etc.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_iptables_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
             <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">3.5.1.1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id334" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id334"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 zypper install -y "iptables"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id335" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id335"><pre><code>
-[[packages]]
-name = "iptables"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id336" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id336"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_iptables
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id335" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id335"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_iptables
 
 class install_iptables {
   package { 'iptables':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id336" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id336"><pre><code>
/usr/share/doc/scap-security-guide/guides/ssg-sle12-guide-stig.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-sle12-guide-stig.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-sle12-guide-stig.html	2022-07-15 00:00:00.000000000 +0000
@@ -119,17 +119,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id9" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id9"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id10" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id10"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id9" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id9"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id10" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id10"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id11" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id11"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -6239,17 +6239,17 @@
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-83009-1">CCE-83009-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
             <a href="https://public.cyber.mil/stigs/cci/">CCI-000056</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000058</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000060</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-11(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-11(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-11(1)</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000028-GPOS-00009</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-12-010070</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-217108r603262_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id137" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id137"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 zypper install -y "kbd"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id138" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id138"><pre><code>
-[[packages]]
-name = "kbd"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id139" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id139"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_kbd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id138" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id138"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_kbd
 
 class install_kbd {
   package { 'kbd':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id139" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id139"><pre><code>
+[[packages]]
+name = "kbd"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id140" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id140"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure kbd is installed
   package:
     name: kbd
@@ -49525,17 +49525,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id420" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id420"><pre><code>
-[[packages]]
-name = "audit-audispd-plugins"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id421" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id421"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_audit-audispd-plugins
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id420" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id420"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_audit-audispd-plugins
 
 class install_audit-audispd-plugins {
   package { 'audit-audispd-plugins':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id421" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id421"><pre><code>
+[[packages]]
+name = "audit-audispd-plugins"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id422" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id422"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure audit-audispd-plugins is installed
   package:
     name: audit-audispd-plugins
@@ -49563,17 +49563,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id425" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id425"><pre><code>
-[[packages]]
-name = "audit"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id426" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id426"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_audit
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id425" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id425"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_audit
 
 class install_audit {
   package { 'audit':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id426" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id426"><pre><code>
+[[packages]]
+name = "audit"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id427" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id427"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure audit is installed
   package:
     name: audit
@@ -49622,10 +49622,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id430" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id430"><pre><code>
-[customizations.services]
-enabled = ["auditd"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id431" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id431"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id430" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id430"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
 
 class enable_auditd {
   service {'auditd':
@@ -49633,6 +49630,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id431" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id431"><pre><code>
+[customizations.services]
+enabled = ["auditd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id432" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id432"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
@@ -49746,17 +49746,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id435" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id435"><pre><code>
-[[packages]]
-name = "pam_apparmor"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id436" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id436"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_pam_apparmor
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id435" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id435"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_pam_apparmor
 
 class install_pam_apparmor {
   package { 'pam_apparmor':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id436" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id436"><pre><code>
+[[packages]]
+name = "pam_apparmor"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id437" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id437"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure pam_apparmor is installed
   package:
     name: pam_apparmor
@@ -49820,10 +49820,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id440" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id440"><pre><code>
-[customizations.services]
-enabled = ["apparmor"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id441" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id441"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_apparmor
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id440" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id440"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_apparmor
 
 class enable_apparmor {
   service {'apparmor':
@@ -49831,6 +49828,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id441" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id441"><pre><code>
+[customizations.services]
+enabled = ["apparmor"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id442" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id442"><pre><code>- name: Start apparmor.service
   systemd:
     name: apparmor.service
@@ -52229,17 +52229,17 @@
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-83157-8">CCE-83157-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
             <a href="https://public.cyber.mil/stigs/cci/">CCI-000382</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002080</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002314</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CA-3(5)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-17(1)</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000420-GPOS-00186</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000096-GPOS-00050</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-12-030030</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-217261r603262_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id497" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id497"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 zypper install -y "SuSEfirewall2"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id498" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id498"><pre><code>
-[[packages]]
-name = "SuSEfirewall2"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id499" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id499"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_SuSEfirewall2
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id498" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id498"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_SuSEfirewall2
 
 class install_SuSEfirewall2 {
   package { 'SuSEfirewall2':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id499" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id499"><pre><code>
+[[packages]]
+name = "SuSEfirewall2"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id500" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id500"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure SuSEfirewall2 is installed
   package:
     name: SuSEfirewall2
@@ -52277,10 +52277,7 @@
 "$SYSTEMCTL_EXEC" unmask 'SuSEfirewall2.service'
 "$SYSTEMCTL_EXEC" start 'SuSEfirewall2.service'
 "$SYSTEMCTL_EXEC" enable 'SuSEfirewall2.service'
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id503" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id503"><pre><code>
-[customizations.services]
-enabled = ["SuSEfirewall2"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id504" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id504"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_SuSEfirewall2
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id503" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id503"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_SuSEfirewall2
 
 class enable_SuSEfirewall2 {
   service {'SuSEfirewall2':
@@ -52288,6 +52285,9 @@
     ensure =&gt; 'running',
   }
 }
/usr/share/doc/scap-security-guide/guides/ssg-sle15-guide-anssi_bp28_minmal.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-sle15-guide-anssi_bp28_minmal.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-sle15-guide-anssi_bp28_minmal.html	2022-07-15 00:00:00.000000000 +0000
@@ -246,17 +246,17 @@
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-91163-6">CCE-91163-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
             <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R8)</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000191-GPOS-00080</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id17" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id17"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 zypper install -y "dnf-automatic"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id18" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id18"><pre><code>
-[[packages]]
-name = "dnf-automatic"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_dnf-automatic
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id18" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id18"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_dnf-automatic
 
 class install_dnf-automatic {
   package { 'dnf-automatic':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><pre><code>
+[[packages]]
+name = "dnf-automatic"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure dnf-automatic is installed
   package:
     name: dnf-automatic
@@ -4363,17 +4363,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id88" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id88"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id89" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id89"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id88" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id88"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id89" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id89"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id90" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id90"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
@@ -4407,10 +4407,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id93" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id93"><pre><code>
-[customizations.services]
-enabled = ["rsyslog"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id94" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id94"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id93" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id93"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
 
 class enable_rsyslog {
   service {'rsyslog':
@@ -4418,6 +4415,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id94" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id94"><pre><code>
+[customizations.services]
+enabled = ["rsyslog"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id95" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id95"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service rsyslog
   block:
 
/usr/share/doc/scap-security-guide/guides/ssg-sle15-guide-cis.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-sle15-guide-cis.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-sle15-guide-cis.html	2022-07-15 00:00:00.000000000 +0000
@@ -123,17 +123,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id12" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id12"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id13" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id13"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id12" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id12"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id13" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id13"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id14" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id14"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -583,17 +583,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id34" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id34"><pre><code>
-[[packages]]
-name = "sudo"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id35" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id35"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id34" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id34"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
 
 class install_sudo {
   package { 'sudo':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id35" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id35"><pre><code>
+[[packages]]
+name = "sudo"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id36" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id36"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure sudo is installed
   package:
     name: sudo
@@ -34640,17 +34640,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id298" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id298"><pre><code>
-[[packages]]
-name = "audit"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id299" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id299"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_audit
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id298" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id298"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_audit
 
 class install_audit {
   package { 'audit':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id299" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id299"><pre><code>
+[[packages]]
+name = "audit"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id300" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id300"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure audit is installed
   package:
     name: audit
@@ -34699,10 +34699,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id303" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id303"><pre><code>
-[customizations.services]
-enabled = ["auditd"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id304" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id304"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id303" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id303"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
 
 class enable_auditd {
   service {'auditd':
@@ -34710,6 +34707,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id304" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id304"><pre><code>
+[customizations.services]
+enabled = ["auditd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id305" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id305"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
@@ -35064,17 +35064,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id316" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id316"><pre><code>
-[[packages]]
-name = "pam_apparmor"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id317" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id317"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_pam_apparmor
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id316" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id316"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_pam_apparmor
 
 class install_pam_apparmor {
   package { 'pam_apparmor':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id317" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id317"><pre><code>
+[[packages]]
+name = "pam_apparmor"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id318" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id318"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure pam_apparmor is installed
   package:
     name: pam_apparmor
@@ -35759,17 +35759,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id344" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id344"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id345" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id345"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id344" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id344"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id345" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id345"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id346" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id346"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
@@ -35803,10 +35803,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id349" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id349"><pre><code>
-[customizations.services]
-enabled = ["rsyslog"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id350" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id350"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id349" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id349"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
 
 class enable_rsyslog {
   service {'rsyslog':
@@ -35814,6 +35811,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id350" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id350"><pre><code>
+[customizations.services]
+enabled = ["rsyslog"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id351" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id351"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service rsyslog
   block:
 
@@ -35959,17 +35959,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id354" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id354"><pre><code>
-[[packages]]
-name = "firewalld"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id355" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id355"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_firewalld
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id354" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id354"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_firewalld
 
 class install_firewalld {
   package { 'firewalld':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id355" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id355"><pre><code>
+[[packages]]
+name = "firewalld"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id356" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id356"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure firewalld is installed
   package:
     name: firewalld
@@ -36007,10 +36007,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id359" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id359"><pre><code>
-[customizations.services]
-enabled = ["firewalld"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id360" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id360"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_firewalld
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id359" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id359"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_firewalld
 
 class enable_firewalld {
   service {'firewalld':
@@ -36018,6 +36015,9 @@
     ensure =&gt; 'running',
   }
 }
/usr/share/doc/scap-security-guide/guides/ssg-sle15-guide-cis_server_l1.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-sle15-guide-cis_server_l1.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-sle15-guide-cis_server_l1.html	2022-07-15 00:00:00.000000000 +0000
@@ -123,17 +123,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id12" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id12"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id13" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id13"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id12" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id12"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id13" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id13"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id14" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id14"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -535,17 +535,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id29" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id29"><pre><code>
-[[packages]]
-name = "sudo"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id30" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id30"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id29" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id29"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
 
 class install_sudo {
   package { 'sudo':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id30" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id30"><pre><code>
+[[packages]]
+name = "sudo"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id31" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id31"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure sudo is installed
   package:
     name: sudo
@@ -4565,17 +4565,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id149" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id149"><pre><code>
-[[packages]]
-name = "pam_apparmor"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id150" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id150"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_pam_apparmor
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id149" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id149"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_pam_apparmor
 
 class install_pam_apparmor {
   package { 'pam_apparmor':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id150" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id150"><pre><code>
+[[packages]]
+name = "pam_apparmor"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id151" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id151"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure pam_apparmor is installed
   package:
     name: pam_apparmor
@@ -5260,17 +5260,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id177" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id177"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id178" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id178"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id177" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id177"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id178" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id178"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id179" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id179"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
@@ -5304,10 +5304,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id182" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id182"><pre><code>
-[customizations.services]
-enabled = ["rsyslog"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id183" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id183"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id182" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id182"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
 
 class enable_rsyslog {
   service {'rsyslog':
@@ -5315,6 +5312,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id183" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id183"><pre><code>
+[customizations.services]
+enabled = ["rsyslog"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id184" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id184"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service rsyslog
   block:
 
@@ -5460,17 +5460,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id187" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id187"><pre><code>
-[[packages]]
-name = "firewalld"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id188" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id188"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_firewalld
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id187" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id187"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_firewalld
 
 class install_firewalld {
   package { 'firewalld':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id188" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id188"><pre><code>
+[[packages]]
+name = "firewalld"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id189" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id189"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure firewalld is installed
   package:
     name: firewalld
@@ -5508,10 +5508,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id192" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id192"><pre><code>
-[customizations.services]
-enabled = ["firewalld"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id193" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id193"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_firewalld
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id192" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id192"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_firewalld
 
 class enable_firewalld {
   service {'firewalld':
@@ -5519,6 +5516,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id193" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id193"><pre><code>
+[customizations.services]
+enabled = ["firewalld"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id194" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id194"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service firewalld
   block:
 
@@ -5708,17 +5708,17 @@
 masquerading, etc.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_iptables_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
             <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">3.5.3.1.1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id203" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id203"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 zypper install -y "iptables"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id204" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id204"><pre><code>
-[[packages]]
-name = "iptables"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id205" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id205"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_iptables
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id204" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id204"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_iptables
 
 class install_iptables {
   package { 'iptables':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id205" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id205"><pre><code>
+[[packages]]
+name = "iptables"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id206" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id206"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure iptables is installed
   package:
     name: iptables
@@ -9873,10 +9873,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id345" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id345"><pre><code>
-[customizations.services]
-disabled = ["autofs"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id346" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id346"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_autofs
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id345" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id345"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_autofs
 
 class disable_autofs {
   service {'autofs':
@@ -9884,6 +9881,9 @@
     ensure =&gt; 'stopped',
   }
 }
/usr/share/doc/scap-security-guide/guides/ssg-sle15-guide-cis_workstation_l1.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-sle15-guide-cis_workstation_l1.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-sle15-guide-cis_workstation_l1.html	2022-07-15 00:00:00.000000000 +0000
@@ -123,17 +123,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id12" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id12"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id13" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id13"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id12" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id12"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id13" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id13"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id14" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id14"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -535,17 +535,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id29" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id29"><pre><code>
-[[packages]]
-name = "sudo"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id30" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id30"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id29" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id29"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
 
 class install_sudo {
   package { 'sudo':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id30" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id30"><pre><code>
+[[packages]]
+name = "sudo"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id31" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id31"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure sudo is installed
   package:
     name: sudo
@@ -4565,17 +4565,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id149" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id149"><pre><code>
-[[packages]]
-name = "pam_apparmor"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id150" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id150"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_pam_apparmor
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id149" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id149"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_pam_apparmor
 
 class install_pam_apparmor {
   package { 'pam_apparmor':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id150" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id150"><pre><code>
+[[packages]]
+name = "pam_apparmor"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id151" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id151"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure pam_apparmor is installed
   package:
     name: pam_apparmor
@@ -5260,17 +5260,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id177" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id177"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id178" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id178"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id177" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id177"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id178" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id178"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id179" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id179"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
@@ -5304,10 +5304,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id182" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id182"><pre><code>
-[customizations.services]
-enabled = ["rsyslog"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id183" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id183"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id182" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id182"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
 
 class enable_rsyslog {
   service {'rsyslog':
@@ -5315,6 +5312,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id183" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id183"><pre><code>
+[customizations.services]
+enabled = ["rsyslog"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id184" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id184"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service rsyslog
   block:
 
@@ -5460,17 +5460,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id187" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id187"><pre><code>
-[[packages]]
-name = "firewalld"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id188" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id188"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_firewalld
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id187" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id187"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_firewalld
 
 class install_firewalld {
   package { 'firewalld':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id188" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id188"><pre><code>
+[[packages]]
+name = "firewalld"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id189" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id189"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure firewalld is installed
   package:
     name: firewalld
@@ -5508,10 +5508,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id192" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id192"><pre><code>
-[customizations.services]
-enabled = ["firewalld"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id193" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id193"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_firewalld
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id192" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id192"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_firewalld
 
 class enable_firewalld {
   service {'firewalld':
@@ -5519,6 +5516,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id193" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id193"><pre><code>
+[customizations.services]
+enabled = ["firewalld"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id194" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id194"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service firewalld
   block:
 
@@ -5708,17 +5708,17 @@
 masquerading, etc.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_iptables_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
             <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://www.cisecurity.org/benchmark/suse_linux/">3.5.3.1.1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id203" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id203"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 zypper install -y "iptables"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id204" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id204"><pre><code>
-[[packages]]
-name = "iptables"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id205" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id205"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_iptables
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id204" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id204"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_iptables
 
 class install_iptables {
   package { 'iptables':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id205" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id205"><pre><code>
+[[packages]]
+name = "iptables"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id206" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id206"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure iptables is installed
   package:
     name: iptables
@@ -12324,10 +12324,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id413" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id413"><pre><code>
-[customizations.services]
-enabled = ["cron"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id414" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id414"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_cron
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id413" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id413"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_cron
 
 class enable_cron {
   service {'cron':
@@ -12335,6 +12332,9 @@
     ensure =&gt; 'running',
   }
 }
/usr/share/doc/scap-security-guide/guides/ssg-sle15-guide-cis_workstation_l2.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-sle15-guide-cis_workstation_l2.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-sle15-guide-cis_workstation_l2.html	2022-07-15 00:00:00.000000000 +0000
@@ -123,17 +123,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id12" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id12"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id13" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id13"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id12" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id12"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id13" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id13"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id14" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id14"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -583,17 +583,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id34" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id34"><pre><code>
-[[packages]]
-name = "sudo"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id35" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id35"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id34" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id34"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
 
 class install_sudo {
   package { 'sudo':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id35" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id35"><pre><code>
+[[packages]]
+name = "sudo"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id36" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id36"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure sudo is installed
   package:
     name: sudo
@@ -34640,17 +34640,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id298" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id298"><pre><code>
-[[packages]]
-name = "audit"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id299" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id299"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_audit
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id298" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id298"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_audit
 
 class install_audit {
   package { 'audit':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id299" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id299"><pre><code>
+[[packages]]
+name = "audit"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id300" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id300"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure audit is installed
   package:
     name: audit
@@ -34699,10 +34699,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id303" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id303"><pre><code>
-[customizations.services]
-enabled = ["auditd"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id304" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id304"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id303" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id303"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
 
 class enable_auditd {
   service {'auditd':
@@ -34710,6 +34707,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id304" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id304"><pre><code>
+[customizations.services]
+enabled = ["auditd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id305" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id305"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
@@ -35064,17 +35064,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id316" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id316"><pre><code>
-[[packages]]
-name = "pam_apparmor"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id317" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id317"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_pam_apparmor
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id316" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id316"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_pam_apparmor
 
 class install_pam_apparmor {
   package { 'pam_apparmor':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id317" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id317"><pre><code>
+[[packages]]
+name = "pam_apparmor"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id318" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id318"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure pam_apparmor is installed
   package:
     name: pam_apparmor
@@ -35759,17 +35759,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id344" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id344"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id345" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id345"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id344" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id344"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id345" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id345"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id346" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id346"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
@@ -35803,10 +35803,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id349" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id349"><pre><code>
-[customizations.services]
-enabled = ["rsyslog"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id350" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id350"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id349" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id349"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
 
 class enable_rsyslog {
   service {'rsyslog':
@@ -35814,6 +35811,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id350" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id350"><pre><code>
+[customizations.services]
+enabled = ["rsyslog"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id351" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id351"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service rsyslog
   block:
 
@@ -35959,17 +35959,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id354" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id354"><pre><code>
-[[packages]]
-name = "firewalld"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id355" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id355"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_firewalld
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id354" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id354"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_firewalld
 
 class install_firewalld {
   package { 'firewalld':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id355" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id355"><pre><code>
+[[packages]]
+name = "firewalld"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id356" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id356"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure firewalld is installed
   package:
     name: firewalld
@@ -36007,10 +36007,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id359" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id359"><pre><code>
-[customizations.services]
-enabled = ["firewalld"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id360" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id360"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_firewalld
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id359" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id359"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_firewalld
 
 class enable_firewalld {
   service {'firewalld':
@@ -36018,6 +36015,9 @@
     ensure =&gt; 'running',
   }
 }
/usr/share/doc/scap-security-guide/guides/ssg-sle15-guide-hipaa.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-sle15-guide-hipaa.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-sle15-guide-hipaa.html	2022-07-15 00:00:00.000000000 +0000
@@ -1376,10 +1376,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id43" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id43"><pre><code>
-[customizations.services]
-disabled = ["debug-shell"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id44" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id44"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_debug-shell
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id43" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id43"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_debug-shell
 
 class disable_debug-shell {
   service {'debug-shell':
@@ -1387,6 +1384,9 @@
     ensure =&gt; 'stopped',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id44" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id44"><pre><code>
+[customizations.services]
+disabled = ["debug-shell"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id45" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id45"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service debug-shell
   block:
 
@@ -44078,10 +44078,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id273" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id273"><pre><code>
-[customizations.services]
-enabled = ["auditd"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id274" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id274"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id273" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id273"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
 
 class enable_auditd {
   service {'auditd':
@@ -44089,6 +44086,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id274" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id274"><pre><code>
+[customizations.services]
+enabled = ["auditd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id275" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id275"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
@@ -44784,10 +44784,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id297" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id297"><pre><code>
-[customizations.services]
-disabled = ["autofs"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id298" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id298"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_autofs
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id297" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id297"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_autofs
 
 class disable_autofs {
   service {'autofs':
@@ -44795,6 +44792,9 @@
     ensure =&gt; 'stopped',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id298" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id298"><pre><code>
+[customizations.services]
+disabled = ["autofs"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id299" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id299"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service autofs
   block:
 
@@ -45906,10 +45906,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id334" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id334"><pre><code>
-[customizations.services]
-disabled = ["kdump"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id335" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id335"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_kdump
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id334" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id334"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_kdump
 
 class disable_kdump {
   service {'kdump':
@@ -45917,6 +45914,9 @@
     ensure =&gt; 'stopped',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id335" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id335"><pre><code>
+[customizations.services]
+disabled = ["kdump"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id336" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id336"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service kdump
   block:
 
@@ -46012,10 +46012,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id339" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id339"><pre><code>
-[customizations.services]
-enabled = ["cron"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id340" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id340"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_cron
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id339" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id339"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_cron
 
 class enable_cron {
   service {'cron':
@@ -46023,6 +46020,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id340" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id340"><pre><code>
+[customizations.services]
+enabled = ["cron"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id341" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id341"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service cron
   block:
 
@@ -46223,10 +46223,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id351" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id351"><pre><code>
-[customizations.services]
-disabled = ["xinetd"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id352" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id352"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_xinetd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id351" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id351"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_xinetd
 
 class disable_xinetd {
   service {'xinetd':
@@ -46234,6 +46231,9 @@
     ensure =&gt; 'stopped',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id352" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id352"><pre><code>
+[customizations.services]
+disabled = ["xinetd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id353" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id353"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service xinetd
   block:
 
@@ -46380,10 +46380,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id360" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id360"><pre><code>
-[customizations.services]
-disabled = ["rexec"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id361" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id361"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_rexec
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id360" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id360"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_rexec
 
 class disable_rexec {
   service {'rexec':
@@ -46391,6 +46388,9 @@
     ensure =&gt; 'stopped',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id361" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id361"><pre><code>
+[customizations.services]
+disabled = ["rexec"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id362" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id362"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service rexec
   block:
 
@@ -46497,10 +46497,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id365" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id365"><pre><code>
-[customizations.services]
-disabled = ["rlogin"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id366" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id366"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_rlogin
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id365" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id365"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_rlogin
 
 class disable_rlogin {
   service {'rlogin':
@@ -46508,6 +46505,9 @@
     ensure =&gt; 'stopped',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id366" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id366"><pre><code>
+[customizations.services]
+disabled = ["rlogin"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id367" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id367"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service rlogin
   block:
 
@@ -46852,10 +46852,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id389" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id389"><pre><code>
-[customizations.services]
-disabled = ["telnet"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id390" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id390"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_telnet
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id389" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id389"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_telnet
 
 class disable_telnet {
   service {'telnet':
@@ -46863,6 +46860,9 @@
     ensure =&gt; 'stopped',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id390" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id390"><pre><code>
+[customizations.services]
+disabled = ["telnet"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id391" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id391"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service telnet
   block:
 
/usr/share/doc/scap-security-guide/guides/ssg-sle15-guide-pci-dss.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-sle15-guide-pci-dss.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-sle15-guide-pci-dss.html	2022-07-15 00:00:00.000000000 +0000
@@ -400,17 +400,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id16" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id16"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id17" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id17"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id16" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id16"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id17" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id17"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id18" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id18"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -4310,10 +4310,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id89" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id89"><pre><code>
-[customizations.services]
-enabled = ["pcscd"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id90" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id90"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_pcscd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id89" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id89"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_pcscd
 
 class enable_pcscd {
   service {'pcscd':
@@ -4321,6 +4318,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id90" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id90"><pre><code>
+[customizations.services]
+enabled = ["pcscd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id91" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id91"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service pcscd
   block:
 
@@ -37780,17 +37780,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id269" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id269"><pre><code>
-[[packages]]
-name = "audit-audispd-plugins"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id270" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id270"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_audit-audispd-plugins
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id269" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id269"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_audit-audispd-plugins
 
 class install_audit-audispd-plugins {
   package { 'audit-audispd-plugins':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id270" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id270"><pre><code>
+[[packages]]
+name = "audit-audispd-plugins"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id271" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id271"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure audit-audispd-plugins is installed
   package:
     name: audit-audispd-plugins
@@ -37832,10 +37832,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id274" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id274"><pre><code>
-[customizations.services]
-enabled = ["auditd"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id275" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id275"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id274" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id274"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
 
 class enable_auditd {
   service {'auditd':
@@ -37843,6 +37840,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id275" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id275"><pre><code>
+[customizations.services]
+enabled = ["auditd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id276" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id276"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
@@ -38500,17 +38500,17 @@
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-85836-5">CCE-85836-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
             <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001131</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.15.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.MA-2</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-4.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000120-GPOS-00061</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id295" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id295"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 zypper install -y "strongswan"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id296" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id296"><pre><code>
-[[packages]]
-name = "strongswan"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id297" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id297"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_strongswan
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id296" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id296"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_strongswan
 
 class install_strongswan {
   package { 'strongswan':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id297" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id297"><pre><code>
+[[packages]]
+name = "strongswan"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id298" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id298"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure strongswan is installed
   package:
     name: strongswan
/usr/share/doc/scap-security-guide/guides/ssg-sle15-guide-standard.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-sle15-guide-standard.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-sle15-guide-standard.html	2022-07-15 00:00:00.000000000 +0000
@@ -24342,17 +24342,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id159" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id159"><pre><code>
-[[packages]]
-name = "audit"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id160" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id160"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_audit
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id159" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id159"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_audit
 
 class install_audit {
   package { 'audit':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id160" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id160"><pre><code>
+[[packages]]
+name = "audit"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id161" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id161"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure audit is installed
   package:
     name: audit
@@ -24401,10 +24401,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id164" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id164"><pre><code>
-[customizations.services]
-enabled = ["auditd"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id165" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id165"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id164" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id164"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
 
 class enable_auditd {
   service {'auditd':
@@ -24412,6 +24409,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id165" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id165"><pre><code>
+[customizations.services]
+enabled = ["auditd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id166" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id166"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
@@ -24776,17 +24776,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id176" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id176"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id177" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id177"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id176" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id176"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id177" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id177"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id178" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id178"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
@@ -24820,10 +24820,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id181" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id181"><pre><code>
-[customizations.services]
-enabled = ["rsyslog"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id182" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id182"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id181" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id181"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
 
 class enable_rsyslog {
   service {'rsyslog':
@@ -24831,6 +24828,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id182" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id182"><pre><code>
+[customizations.services]
+enabled = ["rsyslog"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id183" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id183"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service rsyslog
   block:
 
@@ -24976,17 +24976,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id186" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id186"><pre><code>
-[[packages]]
-name = "firewalld"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id187" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id187"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_firewalld
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id186" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id186"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_firewalld
 
 class install_firewalld {
   package { 'firewalld':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id187" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id187"><pre><code>
+[[packages]]
+name = "firewalld"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id188" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id188"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure firewalld is installed
   package:
     name: firewalld
@@ -28496,17 +28496,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id294" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id294"><pre><code>
-[[packages]]
-name = "cron"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id295" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id295"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_cron
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id294" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id294"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_cron
 
 class install_cron {
   package { 'cron':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id295" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id295"><pre><code>
+[[packages]]
+name = "cron"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id296" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id296"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure cron is installed
   package:
     name: cron
@@ -28541,10 +28541,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id299" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id299"><pre><code>
-[customizations.services]
-enabled = ["cron"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id300" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id300"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_cron
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id299" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id299"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_cron
 
 class enable_cron {
   service {'cron':
@@ -28552,6 +28549,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id300" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id300"><pre><code>
+[customizations.services]
+enabled = ["cron"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id301" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id301"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service cron
   block:
 
@@ -28818,10 +28818,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id328" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id328"><pre><code>
-[customizations.services]
-disabled = ["httpd"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id329" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id329"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_httpd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id328" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id328"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_httpd
 
 class disable_httpd {
   service {'httpd':
@@ -28829,6 +28826,9 @@
     ensure =&gt; 'stopped',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id329" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id329"><pre><code>
+[customizations.services]
+disabled = ["httpd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id330" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id330"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service httpd
   block:
 
@@ -28962,17 +28962,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id333" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id333"><pre><code>
-[[packages]]
-name = "ntp"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id334" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id334"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_ntp
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id333" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id333"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_ntp
 
 class install_ntp {
   package { 'ntp':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id334" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id334"><pre><code>
+[[packages]]
/usr/share/doc/scap-security-guide/guides/ssg-sle15-guide-stig.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-sle15-guide-stig.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-sle15-guide-stig.html	2022-07-15 00:00:00.000000000 +0000
@@ -119,17 +119,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id12" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id12"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id13" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id13"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id12" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id12"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id13" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id13"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id14" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id14"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -6759,17 +6759,17 @@
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-83268-3">CCE-83268-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
             <a href="https://public.cyber.mil/stigs/cci/">CCI-000056</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000058</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000060</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000028-GPOS-00009</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">SLES-15-010110</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-234811r622137_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id145" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id145"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 zypper install -y "kbd"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id146" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id146"><pre><code>
-[[packages]]
-name = "kbd"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id147" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id147"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_kbd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id146" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id146"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_kbd
 
 class install_kbd {
   package { 'kbd':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id147" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id147"><pre><code>
+[[packages]]
+name = "kbd"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id148" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id148"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure kbd is installed
   package:
     name: kbd
@@ -53766,17 +53766,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id449" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id449"><pre><code>
-[[packages]]
-name = "audit-audispd-plugins"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id450" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id450"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_audit-audispd-plugins
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id449" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id449"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_audit-audispd-plugins
 
 class install_audit-audispd-plugins {
   package { 'audit-audispd-plugins':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id450" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id450"><pre><code>
+[[packages]]
+name = "audit-audispd-plugins"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id451" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id451"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure audit-audispd-plugins is installed
   package:
     name: audit-audispd-plugins
@@ -53803,17 +53803,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id454" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id454"><pre><code>
-[[packages]]
-name = "audit"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id455" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id455"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_audit
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id454" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id454"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_audit
 
 class install_audit {
   package { 'audit':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id455" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id455"><pre><code>
+[[packages]]
+name = "audit"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id456" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id456"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure audit is installed
   package:
     name: audit
@@ -53862,10 +53862,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id459" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id459"><pre><code>
-[customizations.services]
-enabled = ["auditd"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id460" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id460"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id459" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id459"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
 
 class enable_auditd {
   service {'auditd':
@@ -53873,6 +53870,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id460" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id460"><pre><code>
+[customizations.services]
+enabled = ["auditd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id461" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id461"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
@@ -53976,17 +53976,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id464" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id464"><pre><code>
-[[packages]]
-name = "pam_apparmor"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id465" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id465"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_pam_apparmor
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id464" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id464"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_pam_apparmor
 
 class install_pam_apparmor {
   package { 'pam_apparmor':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id465" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id465"><pre><code>
+[[packages]]
+name = "pam_apparmor"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id466" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id466"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure pam_apparmor is installed
   package:
     name: pam_apparmor
@@ -54050,10 +54050,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id469" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id469"><pre><code>
-[customizations.services]
-enabled = ["apparmor"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id470" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id470"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_apparmor
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id469" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id469"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_apparmor
 
 class enable_apparmor {
   service {'apparmor':
@@ -54061,6 +54058,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id470" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id470"><pre><code>
+[customizations.services]
+enabled = ["apparmor"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id471" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id471"><pre><code>- name: Start apparmor.service
   systemd:
     name: apparmor.service
@@ -54458,17 +54458,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id482" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id482"><pre><code>
-[[packages]]
-name = "firewalld"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id483" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id483"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_firewalld
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id482" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id482"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_firewalld
 
 class install_firewalld {
   package { 'firewalld':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id483" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id483"><pre><code>
+[[packages]]
+name = "firewalld"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id484" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id484"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure firewalld is installed
   package:
     name: firewalld
@@ -54506,10 +54506,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id487" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id487"><pre><code>
-[customizations.services]
-enabled = ["firewalld"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id488" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id488"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_firewalld
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id487" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id487"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_firewalld
 
 class enable_firewalld {
   service {'firewalld':
@@ -54517,6 +54514,9 @@
     ensure =&gt; 'running',
   }
 }
/usr/share/xml/scap/ssg/content/ssg-opensuse-ds-1.2.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-opensuse-ds-1.2.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-opensuse-ds-1.2.xml	2022-07-15 00:00:00.000000000 +0000
@@ -151,19 +151,9 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.2:rear-matter>
       <cpe-lang:platform-specification>
-        <cpe-lang:platform id="audit">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:audit"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="pam">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:pam"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="sssd">
+        <cpe-lang:platform id="uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="grub2">
@@ -176,14 +166,19 @@
             <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="non-uefi">
+        <cpe-lang:platform id="chrony">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="chrony">
+        <cpe-lang:platform id="login_defs">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="sssd">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="postfix">
@@ -191,34 +186,39 @@
             <cpe-lang:fact-ref name="cpe:/a:postfix"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="uefi">
+        <cpe-lang:platform id="ntp">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sudo">
+        <cpe-lang:platform id="pam">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+            <cpe-lang:fact-ref name="cpe:/a:pam"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="machine">
+        <cpe-lang:platform id="audit">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:machine"/>
+            <cpe-lang:fact-ref name="cpe:/a:audit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="s390x_arch">
+        <cpe-lang:platform id="gdm">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="login_defs">
+        <cpe-lang:platform id="machine">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+            <cpe-lang:fact-ref name="cpe:/a:machine"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="ntp">
+        <cpe-lang:platform id="sudo">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="s390x_arch">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="not_s390x_arch">
@@ -226,9 +226,9 @@
             <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="gdm">
+        <cpe-lang:platform id="non-uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
+            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
       </cpe-lang:platform-specification>
@@ -2411,11 +2411,6 @@
 other required structures.
 This package contains command line TLS client and server and certificate
 manipulation tools.</xccdf-1.2:rationale>
-              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_gnutls-utils_installed">
-[[packages]]
-name = "gnutls-utils"
-version = "*"
-</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_gnutls-utils
 
 class install_gnutls-utils {
@@ -2424,6 +2419,11 @@
   }
 }
 </xccdf-1.2:fix>
+              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_gnutls-utils_installed">
+[[packages]]
+name = "gnutls-utils"
+version = "*"
+</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:ansible" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure gnutls-utils is installed
   package:
     name: gnutls-utils
@@ -2455,11 +2455,6 @@
 server applications. Install the <html:code>nss-tools</html:code> package
 to install command-line tools to manipulate the NSS certificate
 and key database.</xccdf-1.2:rationale>
-              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_nss-tools_installed">
-[[packages]]
-name = "nss-tools"
-version = "*"
-</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_nss-tools_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_nss-tools
 
 class install_nss-tools {
@@ -2468,6 +2463,11 @@
   }
 }
 </xccdf-1.2:fix>
+              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_nss-tools_installed">
+[[packages]]
+name = "nss-tools"
+version = "*"
+</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:ansible" id="package_nss-tools_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure nss-tools is installed
   package:
     name: nss-tools
@@ -5267,11 +5267,6 @@
             <xccdf-1.2:reference href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000342-GPOS-00133</xccdf-1.2:reference>
             <xccdf-1.2:rationale>Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity.</xccdf-1.2:rationale>
             <xccdf-1.2:platform idref="#machine"/>
-            <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_audit-audispd-plugins_installed">
-[[packages]]
-name = "audit-audispd-plugins"
-version = "*"
-</xccdf-1.2:fix>
             <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_audit-audispd-plugins_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_audit-audispd-plugins
 
 class install_audit-audispd-plugins {
@@ -5280,6 +5275,11 @@
   }
 }
 </xccdf-1.2:fix>
+            <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_audit-audispd-plugins_installed">
+[[packages]]
+name = "audit-audispd-plugins"
+version = "*"
+</xccdf-1.2:fix>
             <xccdf-1.2:fix system="urn:xccdf:fix:script:ansible" id="package_audit-audispd-plugins_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure audit-audispd-plugins is installed
   package:
     name: audit-audispd-plugins
@@ -5352,11 +5352,6 @@
             <xccdf-1.2:reference href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</xccdf-1.2:reference>
             <xccdf-1.2:rationale>The auditd service is an access monitoring and accounting daemon, watching system calls to audit any access, in comparison with potential local access control policy such as SELinux policy.</xccdf-1.2:rationale>
             <xccdf-1.2:platform idref="#machine"/>
-            <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_audit_installed">
-[[packages]]
-name = "audit"
-version = "*"
-</xccdf-1.2:fix>
             <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_audit_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_audit
 
 class install_audit {
@@ -5365,6 +5360,11 @@
   }
 }
 </xccdf-1.2:fix>
/usr/share/xml/scap/ssg/content/ssg-opensuse-ds.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-opensuse-ds.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-opensuse-ds.xml	2022-07-15 00:00:00.000000000 +0000
@@ -151,19 +151,9 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.2:rear-matter>
       <cpe-lang:platform-specification>
-        <cpe-lang:platform id="audit">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:audit"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="pam">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:pam"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="sssd">
+        <cpe-lang:platform id="uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="grub2">
@@ -176,14 +166,19 @@
             <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="non-uefi">
+        <cpe-lang:platform id="chrony">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="chrony">
+        <cpe-lang:platform id="login_defs">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="sssd">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="postfix">
@@ -191,34 +186,39 @@
             <cpe-lang:fact-ref name="cpe:/a:postfix"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="uefi">
+        <cpe-lang:platform id="ntp">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sudo">
+        <cpe-lang:platform id="pam">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+            <cpe-lang:fact-ref name="cpe:/a:pam"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="machine">
+        <cpe-lang:platform id="audit">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:machine"/>
+            <cpe-lang:fact-ref name="cpe:/a:audit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="s390x_arch">
+        <cpe-lang:platform id="gdm">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="login_defs">
+        <cpe-lang:platform id="machine">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+            <cpe-lang:fact-ref name="cpe:/a:machine"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="ntp">
+        <cpe-lang:platform id="sudo">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="s390x_arch">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="not_s390x_arch">
@@ -226,9 +226,9 @@
             <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="gdm">
+        <cpe-lang:platform id="non-uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
+            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
       </cpe-lang:platform-specification>
@@ -2411,11 +2411,6 @@
 other required structures.
 This package contains command line TLS client and server and certificate
 manipulation tools.</xccdf-1.2:rationale>
-              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_gnutls-utils_installed">
-[[packages]]
-name = "gnutls-utils"
-version = "*"
-</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_gnutls-utils
 
 class install_gnutls-utils {
@@ -2424,6 +2419,11 @@
   }
 }
 </xccdf-1.2:fix>
+              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_gnutls-utils_installed">
+[[packages]]
+name = "gnutls-utils"
+version = "*"
+</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:ansible" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure gnutls-utils is installed
   package:
     name: gnutls-utils
@@ -2455,11 +2455,6 @@
 server applications. Install the <html:code>nss-tools</html:code> package
 to install command-line tools to manipulate the NSS certificate
 and key database.</xccdf-1.2:rationale>
-              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_nss-tools_installed">
-[[packages]]
-name = "nss-tools"
-version = "*"
-</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_nss-tools_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_nss-tools
 
 class install_nss-tools {
@@ -2468,6 +2463,11 @@
   }
 }
 </xccdf-1.2:fix>
+              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_nss-tools_installed">
+[[packages]]
+name = "nss-tools"
+version = "*"
+</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:ansible" id="package_nss-tools_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure nss-tools is installed
   package:
     name: nss-tools
@@ -5267,11 +5267,6 @@
             <xccdf-1.2:reference href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000342-GPOS-00133</xccdf-1.2:reference>
             <xccdf-1.2:rationale>Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity.</xccdf-1.2:rationale>
             <xccdf-1.2:platform idref="#machine"/>
-            <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_audit-audispd-plugins_installed">
-[[packages]]
-name = "audit-audispd-plugins"
-version = "*"
-</xccdf-1.2:fix>
             <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_audit-audispd-plugins_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_audit-audispd-plugins
 
 class install_audit-audispd-plugins {
@@ -5280,6 +5275,11 @@
   }
 }
 </xccdf-1.2:fix>
+            <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_audit-audispd-plugins_installed">
+[[packages]]
+name = "audit-audispd-plugins"
+version = "*"
+</xccdf-1.2:fix>
             <xccdf-1.2:fix system="urn:xccdf:fix:script:ansible" id="package_audit-audispd-plugins_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure audit-audispd-plugins is installed
   package:
     name: audit-audispd-plugins
@@ -5352,11 +5352,6 @@
             <xccdf-1.2:reference href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</xccdf-1.2:reference>
             <xccdf-1.2:rationale>The auditd service is an access monitoring and accounting daemon, watching system calls to audit any access, in comparison with potential local access control policy such as SELinux policy.</xccdf-1.2:rationale>
             <xccdf-1.2:platform idref="#machine"/>
-            <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_audit_installed">
-[[packages]]
-name = "audit"
-version = "*"
-</xccdf-1.2:fix>
             <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_audit_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_audit
 
 class install_audit {
@@ -5365,6 +5360,11 @@
   }
 }
 </xccdf-1.2:fix>
/usr/share/xml/scap/ssg/content/ssg-opensuse-ocil.xml differs (XML 1.0 document, ASCII text)
--- old//usr/share/xml/scap/ssg/content/ssg-opensuse-ocil.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-opensuse-ocil.xml	2022-07-15 00:00:00.000000000 +0000
@@ -7,256 +7,250 @@
     <ocil:timestamp>2022-07-15T00:00:00</ocil:timestamp>
   </ocil:generator>
   <ocil:questionnaires>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_file_deletion_events_rename_ocil:questionnaire:1">
-      <ocil:title>Ensure auditd Collects File Deletion Events by User - rename</ocil:title>
-      <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-audit_rules_file_deletion_events_rename_action:testaction:1</ocil:test_action_ref>
-      </ocil:actions>
-    </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sysctl_net_ipv4_conf_all_accept_local_ocil:questionnaire:1">
-      <ocil:title>Disable Accepting Packets Routed Between Local Interfaces</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sudo_remove_nopasswd_ocil:questionnaire:1">
+      <ocil:title>Ensure Users Re-Authenticate for Privilege Escalation - sudo NOPASSWD</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_accept_local_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sudo_remove_nopasswd_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-auditd_data_disk_error_action_ocil:questionnaire:1">
-      <ocil:title>Configure auditd Disk Error Action on Disk Error</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sshd_disable_pubkey_auth_ocil:questionnaire:1">
+      <ocil:title>Disable PubkeyAuthentication Authentication</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-auditd_data_disk_error_action_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sshd_disable_pubkey_auth_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-directory_access_var_log_audit_ocil:questionnaire:1">
-      <ocil:title>Record Access Events to Audit Log Directory</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-accounts_password_all_shadowed_ocil:questionnaire:1">
+      <ocil:title>Verify All Account Password Hashes are Shadowed</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-directory_access_var_log_audit_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-accounts_password_all_shadowed_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-auditd_data_retention_action_mail_acct_ocil:questionnaire:1">
-      <ocil:title>Configure auditd mail_acct Action on Low Disk Space</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-kernel_config_unmap_kernel_at_el0_ocil:questionnaire:1">
+      <ocil:title>Unmap kernel when running in userspace (aka KAISER)</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-auditd_data_retention_action_mail_acct_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-kernel_config_unmap_kernel_at_el0_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-rsyslog_encrypt_offload_actionsendstreamdriverauthmode_ocil:questionnaire:1">
-      <ocil:title>Ensure Rsyslog Authenticates Off-Loaded Audit Records</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-kernel_config_module_sig_force_ocil:questionnaire:1">
+      <ocil:title>Require modules to be validly signed</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-rsyslog_encrypt_offload_actionsendstreamdriverauthmode_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-kernel_config_module_sig_force_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-file_owner_etc_group_ocil:questionnaire:1">
-      <ocil:title>Verify User Who Owns group File</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-file_permissions_sshd_private_key_ocil:questionnaire:1">
+      <ocil:title>Verify Permissions on SSH Server Private *_key Key Files</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-file_owner_etc_group_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-file_permissions_sshd_private_key_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-no_password_auth_for_systemaccounts_ocil:questionnaire:1">
-      <ocil:title>Ensure that System Accounts Are Locked</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-harden_ssh_client_crypto_policy_ocil:questionnaire:1">
+      <ocil:title>Harden SSH client Crypto Policy</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-no_password_auth_for_systemaccounts_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-harden_ssh_client_crypto_policy_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-file_permissions_backup_etc_passwd_ocil:questionnaire:1">
-      <ocil:title>Verify Permissions on Backup passwd File</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-accounts_no_uid_except_zero_ocil:questionnaire:1">
+      <ocil:title>Verify Only Root Has UID 0</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-file_permissions_backup_etc_passwd_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-accounts_no_uid_except_zero_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_mac_modification_ocil:questionnaire:1">
-      <ocil:title>Record Events that Modify the System's Mandatory Access Controls</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-audit_rules_dac_modification_fchownat_ocil:questionnaire:1">
+      <ocil:title>Record Events that Modify the System's Discretionary Access Controls - fchownat</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-audit_rules_mac_modification_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_fchownat_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sshd_disable_compression_ocil:questionnaire:1">
-      <ocil:title>Disable Compression Or Set Compression to delayed</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-directory_access_var_log_audit_ocil:questionnaire:1">
+      <ocil:title>Record Access Events to Audit Log Directory</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sshd_disable_compression_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-directory_access_var_log_audit_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-file_owner_var_log_ocil:questionnaire:1">
-      <ocil:title>Verify User Who Owns /var/log Directory</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sshd_enable_strictmodes_ocil:questionnaire:1">
+      <ocil:title>Enable Use of Strict Mode Checking</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-file_owner_var_log_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sshd_enable_strictmodes_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-kernel_config_module_sig_sha512_ocil:questionnaire:1">
-      <ocil:title>Sign kernel modules with SHA-512</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-auditd_data_retention_max_log_file_action_ocil:questionnaire:1">
+      <ocil:title>Configure auditd max_log_file_action Upon Reaching Maximum Log Size</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-kernel_config_module_sig_sha512_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-auditd_data_retention_max_log_file_action_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sshd_allow_only_protocol2_ocil:questionnaire:1">
-      <ocil:title>Allow Only SSH Protocol 2</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-service_ntpd_enabled_ocil:questionnaire:1">
+      <ocil:title>Enable the NTP Daemon</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sshd_allow_only_protocol2_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-service_ntpd_enabled_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-package_syslogng_installed_ocil:questionnaire:1">
-      <ocil:title>Ensure syslog-ng is Installed</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-prefer_64bit_os_ocil:questionnaire:1">
+      <ocil:title>Prefer to use a 64-bit Operating System when supported</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-package_syslogng_installed_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-prefer_64bit_os_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-kernel_config_module_sig_hash_ocil:questionnaire:1">
-      <ocil:title>Specify the hash to use when signing modules</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-file_ownership_binary_dirs_ocil:questionnaire:1">
+      <ocil:title>Verify that System Executables Have Root Ownership</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-kernel_config_module_sig_hash_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-file_ownership_binary_dirs_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sysctl_kernel_randomize_va_space_ocil:questionnaire:1">
-      <ocil:title>Enable Randomized Layout of Virtual Address Space</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sshd_set_login_grace_time_ocil:questionnaire:1">
+      <ocil:title>Ensure SSH LoginGraceTime is configured</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sysctl_kernel_randomize_va_space_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sshd_set_login_grace_time_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-file_owner_etc_passwd_ocil:questionnaire:1">
-      <ocil:title>Verify User Who Owns passwd File</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sysctl_net_ipv4_conf_all_accept_local_ocil:questionnaire:1">
+      <ocil:title>Disable Accepting Packets Routed Between Local Interfaces</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-file_owner_etc_passwd_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_accept_local_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sshd_set_keepalive_ocil:questionnaire:1">
-      <ocil:title>Set SSH Client Alive Count Max</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-file_owner_backup_etc_passwd_ocil:questionnaire:1">
+      <ocil:title>Verify User Who Owns Backup passwd File</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sshd_set_keepalive_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-file_owner_backup_etc_passwd_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-package_rsyslog_installed_ocil:questionnaire:1">
-      <ocil:title>Ensure rsyslog is Installed</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-mount_option_dev_shm_nosuid_ocil:questionnaire:1">
+      <ocil:title>Add nosuid Option to /dev/shm</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-package_rsyslog_installed_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-mount_option_dev_shm_nosuid_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-mount_option_dev_shm_nodev_ocil:questionnaire:1">
-      <ocil:title>Add nodev Option to /dev/shm</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-ensure_logrotate_activated_ocil:questionnaire:1">
+      <ocil:title>Ensure Logrotate Runs Periodically</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-mount_option_dev_shm_nodev_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-ensure_logrotate_activated_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-file_owner_etc_gshadow_ocil:questionnaire:1">
-      <ocil:title>Verify User Who Owns gshadow File</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-partition_for_var_ocil:questionnaire:1">
+      <ocil:title>Ensure /var Located On Separate Partition</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-file_owner_etc_gshadow_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-partition_for_var_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
/usr/share/xml/scap/ssg/content/ssg-opensuse-xccdf.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-opensuse-xccdf.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-opensuse-xccdf.xml	2022-07-15 00:00:00.000000000 +0000
@@ -43,19 +43,9 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.1:rear-matter>
   <cpe-lang:platform-specification>
-    <cpe-lang:platform id="audit">
-      <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:audit"/>
-      </cpe-lang:logical-test>
-    </cpe-lang:platform>
-    <cpe-lang:platform id="pam">
-      <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:pam"/>
-      </cpe-lang:logical-test>
-    </cpe-lang:platform>
-    <cpe-lang:platform id="sssd">
+    <cpe-lang:platform id="uefi">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+        <cpe-lang:fact-ref name="cpe:/a:uefi"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="grub2">
@@ -68,14 +58,19 @@
         <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="non-uefi">
+    <cpe-lang:platform id="chrony">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+        <cpe-lang:fact-ref name="cpe:/a:chrony"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="chrony">
+    <cpe-lang:platform id="login_defs">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+        <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+      </cpe-lang:logical-test>
+    </cpe-lang:platform>
+    <cpe-lang:platform id="sssd">
+      <cpe-lang:logical-test operator="AND" negate="false">
+        <cpe-lang:fact-ref name="cpe:/a:sssd"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="postfix">
@@ -83,34 +78,39 @@
         <cpe-lang:fact-ref name="cpe:/a:postfix"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="uefi">
+    <cpe-lang:platform id="ntp">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+        <cpe-lang:fact-ref name="cpe:/a:ntp"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="sudo">
+    <cpe-lang:platform id="pam">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+        <cpe-lang:fact-ref name="cpe:/a:pam"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="machine">
+    <cpe-lang:platform id="audit">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:machine"/>
+        <cpe-lang:fact-ref name="cpe:/a:audit"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="s390x_arch">
+    <cpe-lang:platform id="gdm">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
+        <cpe-lang:fact-ref name="cpe:/a:gdm"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="login_defs">
+    <cpe-lang:platform id="machine">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+        <cpe-lang:fact-ref name="cpe:/a:machine"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="ntp">
+    <cpe-lang:platform id="sudo">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+        <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+      </cpe-lang:logical-test>
+    </cpe-lang:platform>
+    <cpe-lang:platform id="s390x_arch">
+      <cpe-lang:logical-test operator="AND" negate="false">
+        <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="not_s390x_arch">
@@ -118,9 +118,9 @@
         <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="gdm">
+    <cpe-lang:platform id="non-uefi">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:gdm"/>
+        <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
   </cpe-lang:platform-specification>
@@ -2303,11 +2303,6 @@
 other required structures.
 This package contains command line TLS client and server and certificate
 manipulation tools.</xccdf-1.1:rationale>
-          <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_gnutls-utils_installed">
-[[packages]]
-name = "gnutls-utils"
-version = "*"
-</xccdf-1.1:fix>
           <xccdf-1.1:fix system="urn:xccdf:fix:script:puppet" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_gnutls-utils
 
 class install_gnutls-utils {
@@ -2316,6 +2311,11 @@
   }
 }
 </xccdf-1.1:fix>
+          <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_gnutls-utils_installed">
+[[packages]]
+name = "gnutls-utils"
+version = "*"
+</xccdf-1.1:fix>
           <xccdf-1.1:fix system="urn:xccdf:fix:script:ansible" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure gnutls-utils is installed
   package:
     name: gnutls-utils
@@ -2347,11 +2347,6 @@
 server applications. Install the <html:code>nss-tools</html:code> package
 to install command-line tools to manipulate the NSS certificate
 and key database.</xccdf-1.1:rationale>
-          <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_nss-tools_installed">
-[[packages]]
-name = "nss-tools"
-version = "*"
-</xccdf-1.1:fix>
           <xccdf-1.1:fix system="urn:xccdf:fix:script:puppet" id="package_nss-tools_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_nss-tools
 
 class install_nss-tools {
@@ -2360,6 +2355,11 @@
   }
 }
 </xccdf-1.1:fix>
+          <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_nss-tools_installed">
+[[packages]]
+name = "nss-tools"
+version = "*"
+</xccdf-1.1:fix>
           <xccdf-1.1:fix system="urn:xccdf:fix:script:ansible" id="package_nss-tools_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure nss-tools is installed
   package:
     name: nss-tools
@@ -5159,11 +5159,6 @@
         <xccdf-1.1:reference href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000342-GPOS-00133</xccdf-1.1:reference>
         <xccdf-1.1:rationale>Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity.</xccdf-1.1:rationale>
         <xccdf-1.1:platform idref="#machine"/>
-        <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_audit-audispd-plugins_installed">
-[[packages]]
-name = "audit-audispd-plugins"
-version = "*"
-</xccdf-1.1:fix>
         <xccdf-1.1:fix system="urn:xccdf:fix:script:puppet" id="package_audit-audispd-plugins_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_audit-audispd-plugins
 
 class install_audit-audispd-plugins {
@@ -5172,6 +5167,11 @@
   }
 }
 </xccdf-1.1:fix>
+        <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_audit-audispd-plugins_installed">
+[[packages]]
+name = "audit-audispd-plugins"
+version = "*"
+</xccdf-1.1:fix>
         <xccdf-1.1:fix system="urn:xccdf:fix:script:ansible" id="package_audit-audispd-plugins_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure audit-audispd-plugins is installed
   package:
     name: audit-audispd-plugins
@@ -5244,11 +5244,6 @@
         <xccdf-1.1:reference href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</xccdf-1.1:reference>
         <xccdf-1.1:rationale>The auditd service is an access monitoring and accounting daemon, watching system calls to audit any access, in comparison with potential local access control policy such as SELinux policy.</xccdf-1.1:rationale>
         <xccdf-1.1:platform idref="#machine"/>
-        <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_audit_installed">
-[[packages]]
-name = "audit"
-version = "*"
-</xccdf-1.1:fix>
         <xccdf-1.1:fix system="urn:xccdf:fix:script:puppet" id="package_audit_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_audit
 
 class install_audit {
@@ -5257,6 +5252,11 @@
   }
 }
 </xccdf-1.1:fix>
/usr/share/xml/scap/ssg/content/ssg-sle12-ds-1.2.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-sle12-ds-1.2.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-sle12-ds-1.2.xml	2022-07-15 00:00:00.000000000 +0000
@@ -151,44 +151,45 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.2:rear-matter>
       <cpe-lang:platform-specification>
-        <cpe-lang:platform id="audit">
+        <cpe-lang:platform id="uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:audit"/>
+            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="pam">
+        <cpe-lang:platform id="grub2">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:pam"/>
+            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sssd">
+        <cpe-lang:platform id="aarch64_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="grub2">
+        <cpe-lang:platform id="chrony">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="wifi-iface">
+        <cpe-lang:platform id="login_defs">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
+            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="aarch64_arch">
+        <cpe-lang:platform id="sssd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="non-uefi">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+        <cpe-lang:platform id="chrony_or_ntp">
+          <cpe-lang:logical-test operator="OR" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="chrony">
+        <cpe-lang:platform id="wifi-iface">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="postfix">
@@ -196,45 +197,44 @@
             <cpe-lang:fact-ref name="cpe:/a:postfix"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="uefi">
+        <cpe-lang:platform id="zypper">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:zypper"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sudo">
+        <cpe-lang:platform id="ntp">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="machine">
+        <cpe-lang:platform id="pam">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:machine"/>
+            <cpe-lang:fact-ref name="cpe:/a:pam"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="s390x_arch">
+        <cpe-lang:platform id="audit">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:audit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="chrony_or_ntp">
-          <cpe-lang:logical-test operator="OR" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+        <cpe-lang:platform id="gdm">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="login_defs">
+        <cpe-lang:platform id="machine">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+            <cpe-lang:fact-ref name="cpe:/a:machine"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="ntp">
+        <cpe-lang:platform id="sudo">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="zypper">
+        <cpe-lang:platform id="s390x_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:zypper"/>
+            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="not_s390x_arch">
@@ -242,9 +242,9 @@
             <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="gdm">
+        <cpe-lang:platform id="non-uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
+            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
       </cpe-lang:platform-specification>
@@ -3169,11 +3169,6 @@
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
 </xccdf-1.2:fix>
-                  <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_aide_installed">
-[[packages]]
-name = "aide"
-version = "*"
-</xccdf-1.2:fix>
                   <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_aide
 
 class install_aide {
@@ -3182,6 +3177,11 @@
   }
 }
 </xccdf-1.2:fix>
+                  <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_aide_installed">
+[[packages]]
+name = "aide"
+version = "*"
+</xccdf-1.2:fix>
                   <xccdf-1.2:fix system="urn:xccdf:fix:script:ansible" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure aide is installed
   package:
     name: aide
@@ -6300,11 +6300,6 @@
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
 </xccdf-1.2:fix>
-              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_sudo_installed">
-[[packages]]
-name = "sudo"
-version = "*"
-</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_sudo_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_sudo
 
 class install_sudo {
@@ -6313,6 +6308,11 @@
   }
 }
 </xccdf-1.2:fix>
+              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_sudo_installed">
+[[packages]]
+name = "sudo"
+version = "*"
+</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:ansible" id="package_sudo_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure sudo is installed
   package:
     name: sudo
@@ -7770,11 +7770,6 @@
               <xccdf-1.2:fix system="urn:xccdf:fix:script:sh" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
 zypper install -y "gnutls-utils"
 </xccdf-1.2:fix>
-              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_gnutls-utils_installed">
-[[packages]]
-name = "gnutls-utils"
-version = "*"
-</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_gnutls-utils
 
 class install_gnutls-utils {
/usr/share/xml/scap/ssg/content/ssg-sle12-ds.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-sle12-ds.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-sle12-ds.xml	2022-07-15 00:00:00.000000000 +0000
@@ -153,44 +153,45 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.2:rear-matter>
       <cpe-lang:platform-specification>
-        <cpe-lang:platform id="audit">
+        <cpe-lang:platform id="uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:audit"/>
+            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="pam">
+        <cpe-lang:platform id="grub2">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:pam"/>
+            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sssd">
+        <cpe-lang:platform id="aarch64_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="grub2">
+        <cpe-lang:platform id="chrony">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="wifi-iface">
+        <cpe-lang:platform id="login_defs">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
+            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="aarch64_arch">
+        <cpe-lang:platform id="sssd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="non-uefi">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+        <cpe-lang:platform id="chrony_or_ntp">
+          <cpe-lang:logical-test operator="OR" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="chrony">
+        <cpe-lang:platform id="wifi-iface">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="postfix">
@@ -198,45 +199,44 @@
             <cpe-lang:fact-ref name="cpe:/a:postfix"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="uefi">
+        <cpe-lang:platform id="zypper">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:zypper"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sudo">
+        <cpe-lang:platform id="ntp">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="machine">
+        <cpe-lang:platform id="pam">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:machine"/>
+            <cpe-lang:fact-ref name="cpe:/a:pam"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="s390x_arch">
+        <cpe-lang:platform id="audit">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:audit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="chrony_or_ntp">
-          <cpe-lang:logical-test operator="OR" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+        <cpe-lang:platform id="gdm">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="login_defs">
+        <cpe-lang:platform id="machine">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+            <cpe-lang:fact-ref name="cpe:/a:machine"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="ntp">
+        <cpe-lang:platform id="sudo">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="zypper">
+        <cpe-lang:platform id="s390x_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:zypper"/>
+            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="not_s390x_arch">
@@ -244,9 +244,9 @@
             <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="gdm">
+        <cpe-lang:platform id="non-uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
+            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
       </cpe-lang:platform-specification>
@@ -3171,11 +3171,6 @@
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
 </xccdf-1.2:fix>
-                  <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_aide_installed">
-[[packages]]
-name = "aide"
-version = "*"
-</xccdf-1.2:fix>
                   <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_aide
 
 class install_aide {
@@ -3184,6 +3179,11 @@
   }
 }
 </xccdf-1.2:fix>
+                  <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_aide_installed">
+[[packages]]
+name = "aide"
+version = "*"
+</xccdf-1.2:fix>
                   <xccdf-1.2:fix system="urn:xccdf:fix:script:ansible" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure aide is installed
   package:
     name: aide
@@ -6302,11 +6302,6 @@
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
 </xccdf-1.2:fix>
-              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_sudo_installed">
-[[packages]]
-name = "sudo"
-version = "*"
-</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_sudo_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_sudo
 
 class install_sudo {
@@ -6315,6 +6310,11 @@
   }
 }
 </xccdf-1.2:fix>
+              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_sudo_installed">
+[[packages]]
+name = "sudo"
+version = "*"
+</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:ansible" id="package_sudo_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure sudo is installed
   package:
     name: sudo
@@ -7772,11 +7772,6 @@
               <xccdf-1.2:fix system="urn:xccdf:fix:script:sh" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
 zypper install -y "gnutls-utils"
 </xccdf-1.2:fix>
-              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_gnutls-utils_installed">
-[[packages]]
-name = "gnutls-utils"
-version = "*"
-</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_gnutls-utils
 
 class install_gnutls-utils {
/usr/share/xml/scap/ssg/content/ssg-sle12-ocil.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-sle12-ocil.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-sle12-ocil.xml	2022-07-15 00:00:00.000000000 +0000
@@ -7,514 +7,508 @@
     <ocil:timestamp>2022-07-15T00:00:00</ocil:timestamp>
   </ocil:generator>
   <ocil:questionnaires>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_file_deletion_events_rename_ocil:questionnaire:1">
-      <ocil:title>Ensure auditd Collects File Deletion Events by User - rename</ocil:title>
-      <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-audit_rules_file_deletion_events_rename_action:testaction:1</ocil:test_action_ref>
-      </ocil:actions>
-    </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_execution_chacl_ocil:questionnaire:1">
-      <ocil:title>Record Any Attempts to Run chacl</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sudo_remove_nopasswd_ocil:questionnaire:1">
+      <ocil:title>Ensure Users Re-Authenticate for Privilege Escalation - sudo NOPASSWD</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-audit_rules_execution_chacl_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sudo_remove_nopasswd_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sysctl_net_ipv4_conf_all_accept_local_ocil:questionnaire:1">
-      <ocil:title>Disable Accepting Packets Routed Between Local Interfaces</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sshd_disable_pubkey_auth_ocil:questionnaire:1">
+      <ocil:title>Disable PubkeyAuthentication Authentication</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_accept_local_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sshd_disable_pubkey_auth_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-auditd_data_disk_error_action_ocil:questionnaire:1">
-      <ocil:title>Configure auditd Disk Error Action on Disk Error</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-mount_option_var_tmp_noexec_ocil:questionnaire:1">
+      <ocil:title>Add noexec Option to /var/tmp</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-auditd_data_disk_error_action_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-mount_option_var_tmp_noexec_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-require_emergency_target_auth_ocil:questionnaire:1">
-      <ocil:title>Require Authentication for Emergency Systemd Target</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-package_sudo_installed_ocil:questionnaire:1">
+      <ocil:title>Install sudo Package</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-require_emergency_target_auth_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-package_sudo_installed_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-mount_option_var_tmp_noexec_ocil:questionnaire:1">
-      <ocil:title>Add noexec Option to /var/tmp</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-accounts_password_all_shadowed_ocil:questionnaire:1">
+      <ocil:title>Verify All Account Password Hashes are Shadowed</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-mount_option_var_tmp_noexec_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-accounts_password_all_shadowed_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sshd_x11_use_localhost_ocil:questionnaire:1">
-      <ocil:title>Prevent remote hosts from connecting to the proxy display</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-kernel_config_unmap_kernel_at_el0_ocil:questionnaire:1">
+      <ocil:title>Unmap kernel when running in userspace (aka KAISER)</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sshd_x11_use_localhost_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-kernel_config_unmap_kernel_at_el0_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sysctl_net_ipv4_conf_all_accept_source_route_ocil:questionnaire:1">
-      <ocil:title>Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-audit_rules_enable_syscall_auditing_ocil:questionnaire:1">
+      <ocil:title>Remove Default Configuration to Disable Syscall Auditing</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_accept_source_route_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-audit_rules_enable_syscall_auditing_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-directory_access_var_log_audit_ocil:questionnaire:1">
-      <ocil:title>Record Access Events to Audit Log Directory</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-package_samba_removed_ocil:questionnaire:1">
+      <ocil:title>Uninstall Samba Package</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-directory_access_var_log_audit_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-package_samba_removed_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-auditd_data_retention_action_mail_acct_ocil:questionnaire:1">
-      <ocil:title>Configure auditd mail_acct Action on Low Disk Space</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-kernel_config_module_sig_force_ocil:questionnaire:1">
+      <ocil:title>Require modules to be validly signed</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-auditd_data_retention_action_mail_acct_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-kernel_config_module_sig_force_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-auditd_data_retention_space_left_ocil:questionnaire:1">
-      <ocil:title>Configure auditd space_left on Low Disk Space</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-require_singleuser_auth_ocil:questionnaire:1">
+      <ocil:title>Require Authentication for Single User Mode</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-auditd_data_retention_space_left_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-require_singleuser_auth_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-rsyslog_encrypt_offload_actionsendstreamdriverauthmode_ocil:questionnaire:1">
-      <ocil:title>Ensure Rsyslog Authenticates Off-Loaded Audit Records</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sudo_restrict_privilege_elevation_to_authorized_ocil:questionnaire:1">
+      <ocil:title>The operating system must restrict privilege elevation to authorized personnel</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-rsyslog_encrypt_offload_actionsendstreamdriverauthmode_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sudo_restrict_privilege_elevation_to_authorized_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-file_owner_etc_group_ocil:questionnaire:1">
-      <ocil:title>Verify User Who Owns group File</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-file_permissions_sshd_private_key_ocil:questionnaire:1">
+      <ocil:title>Verify Permissions on SSH Server Private *_key Key Files</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-file_owner_etc_group_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-file_permissions_sshd_private_key_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-no_password_auth_for_systemaccounts_ocil:questionnaire:1">
-      <ocil:title>Ensure that System Accounts Are Locked</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-harden_ssh_client_crypto_policy_ocil:questionnaire:1">
+      <ocil:title>Harden SSH client Crypto Policy</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-no_password_auth_for_systemaccounts_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-harden_ssh_client_crypto_policy_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_privileged_commands_unix_chkpwd_ocil:questionnaire:1">
-      <ocil:title>Ensure auditd Collects Information on the Use of Privileged Commands - unix_chkpwd</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-package_squid_removed_ocil:questionnaire:1">
+      <ocil:title>Uninstall squid Package</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-audit_rules_privileged_commands_unix_chkpwd_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-package_squid_removed_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-file_permissions_backup_etc_passwd_ocil:questionnaire:1">
-      <ocil:title>Verify Permissions on Backup passwd File</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-accounts_no_uid_except_zero_ocil:questionnaire:1">
+      <ocil:title>Verify Only Root Has UID 0</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-file_permissions_backup_etc_passwd_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-accounts_no_uid_except_zero_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_mac_modification_ocil:questionnaire:1">
-      <ocil:title>Record Events that Modify the System's Mandatory Access Controls</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-auditd_audispd_encrypt_sent_records_ocil:questionnaire:1">
+      <ocil:title>Encrypt Audit Records Sent With audispd Plugin</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-audit_rules_mac_modification_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-auditd_audispd_encrypt_sent_records_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-set_password_hashing_algorithm_logindefs_ocil:questionnaire:1">
-      <ocil:title>Set Password Hashing Algorithm in /etc/login.defs</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-file_groupowner_sshd_config_ocil:questionnaire:1">
+      <ocil:title>Verify Group Who Owns SSH Server config file</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-set_password_hashing_algorithm_logindefs_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-file_groupowner_sshd_config_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sshd_disable_compression_ocil:questionnaire:1">
-      <ocil:title>Disable Compression Or Set Compression to delayed</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-dconf_db_up_to_date_ocil:questionnaire:1">
+      <ocil:title>Make sure that the dconf databases are up-to-date with regards to respective keyfiles</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sshd_disable_compression_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-dconf_db_up_to_date_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-file_owner_var_log_ocil:questionnaire:1">
-      <ocil:title>Verify User Who Owns /var/log Directory</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-audit_rules_kernel_module_loading_delete_ocil:questionnaire:1">
+      <ocil:title>Ensure auditd Collects Information on Kernel Module Unloading - delete_module</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-file_owner_var_log_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-audit_rules_kernel_module_loading_delete_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-kernel_config_module_sig_sha512_ocil:questionnaire:1">
-      <ocil:title>Sign kernel modules with SHA-512</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-audit_rules_dac_modification_fchownat_ocil:questionnaire:1">
+      <ocil:title>Record Events that Modify the System's Discretionary Access Controls - fchownat</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-kernel_config_module_sig_sha512_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_fchownat_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-package_strongswan_installed_ocil:questionnaire:1">
-      <ocil:title>Install strongswan Package</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-aide_scan_notification_ocil:questionnaire:1">
+      <ocil:title>Configure Notification of Post-AIDE Scan Details</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-package_strongswan_installed_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-aide_scan_notification_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
/usr/share/xml/scap/ssg/content/ssg-sle12-xccdf.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-sle12-xccdf.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-sle12-xccdf.xml	2022-07-15 00:00:00.000000000 +0000
@@ -43,44 +43,45 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.1:rear-matter>
   <cpe-lang:platform-specification>
-    <cpe-lang:platform id="audit">
+    <cpe-lang:platform id="uefi">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:audit"/>
+        <cpe-lang:fact-ref name="cpe:/a:uefi"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="pam">
+    <cpe-lang:platform id="grub2">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:pam"/>
+        <cpe-lang:fact-ref name="cpe:/a:grub2"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="sssd">
+    <cpe-lang:platform id="aarch64_arch">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+        <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="grub2">
+    <cpe-lang:platform id="chrony">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:grub2"/>
+        <cpe-lang:fact-ref name="cpe:/a:chrony"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="wifi-iface">
+    <cpe-lang:platform id="login_defs">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
+        <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="aarch64_arch">
+    <cpe-lang:platform id="sssd">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
+        <cpe-lang:fact-ref name="cpe:/a:sssd"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="non-uefi">
-      <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+    <cpe-lang:platform id="chrony_or_ntp">
+      <cpe-lang:logical-test operator="OR" negate="false">
+        <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+        <cpe-lang:fact-ref name="cpe:/a:ntp"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="chrony">
+    <cpe-lang:platform id="wifi-iface">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+        <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="postfix">
@@ -88,45 +89,44 @@
         <cpe-lang:fact-ref name="cpe:/a:postfix"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="uefi">
+    <cpe-lang:platform id="zypper">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+        <cpe-lang:fact-ref name="cpe:/a:zypper"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="sudo">
+    <cpe-lang:platform id="ntp">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+        <cpe-lang:fact-ref name="cpe:/a:ntp"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="machine">
+    <cpe-lang:platform id="pam">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:machine"/>
+        <cpe-lang:fact-ref name="cpe:/a:pam"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="s390x_arch">
+    <cpe-lang:platform id="audit">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
+        <cpe-lang:fact-ref name="cpe:/a:audit"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="chrony_or_ntp">
-      <cpe-lang:logical-test operator="OR" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:chrony"/>
-        <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+    <cpe-lang:platform id="gdm">
+      <cpe-lang:logical-test operator="AND" negate="false">
+        <cpe-lang:fact-ref name="cpe:/a:gdm"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="login_defs">
+    <cpe-lang:platform id="machine">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+        <cpe-lang:fact-ref name="cpe:/a:machine"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="ntp">
+    <cpe-lang:platform id="sudo">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+        <cpe-lang:fact-ref name="cpe:/a:sudo"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="zypper">
+    <cpe-lang:platform id="s390x_arch">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:zypper"/>
+        <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="not_s390x_arch">
@@ -134,9 +134,9 @@
         <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="gdm">
+    <cpe-lang:platform id="non-uefi">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:gdm"/>
+        <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
   </cpe-lang:platform-specification>
@@ -3061,11 +3061,6 @@
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
 </xccdf-1.1:fix>
-              <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_aide_installed">
-[[packages]]
-name = "aide"
-version = "*"
-</xccdf-1.1:fix>
               <xccdf-1.1:fix system="urn:xccdf:fix:script:puppet" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_aide
 
 class install_aide {
@@ -3074,6 +3069,11 @@
   }
 }
 </xccdf-1.1:fix>
+              <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_aide_installed">
+[[packages]]
+name = "aide"
+version = "*"
+</xccdf-1.1:fix>
               <xccdf-1.1:fix system="urn:xccdf:fix:script:ansible" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure aide is installed
   package:
     name: aide
@@ -6192,11 +6192,6 @@
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
 </xccdf-1.1:fix>
-          <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_sudo_installed">
-[[packages]]
-name = "sudo"
-version = "*"
-</xccdf-1.1:fix>
           <xccdf-1.1:fix system="urn:xccdf:fix:script:puppet" id="package_sudo_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_sudo
 
 class install_sudo {
@@ -6205,6 +6200,11 @@
   }
 }
 </xccdf-1.1:fix>
+          <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_sudo_installed">
+[[packages]]
+name = "sudo"
+version = "*"
+</xccdf-1.1:fix>
           <xccdf-1.1:fix system="urn:xccdf:fix:script:ansible" id="package_sudo_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure sudo is installed
   package:
     name: sudo
@@ -7662,11 +7662,6 @@
           <xccdf-1.1:fix system="urn:xccdf:fix:script:sh" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
 zypper install -y "gnutls-utils"
 </xccdf-1.1:fix>
-          <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_gnutls-utils_installed">
-[[packages]]
-name = "gnutls-utils"
-version = "*"
-</xccdf-1.1:fix>
           <xccdf-1.1:fix system="urn:xccdf:fix:script:puppet" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_gnutls-utils
 
 class install_gnutls-utils {
/usr/share/xml/scap/ssg/content/ssg-sle15-ds-1.2.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-sle15-ds-1.2.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-sle15-ds-1.2.xml	2022-07-15 00:00:00.000000000 +0000
@@ -163,14 +163,19 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.2:rear-matter>
       <cpe-lang:platform-specification>
-        <cpe-lang:platform id="audit">
+        <cpe-lang:platform id="uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:audit"/>
+            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="pam">
+        <cpe-lang:platform id="systemd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:pam"/>
+            <cpe-lang:fact-ref name="cpe:/a:systemd"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="grub2">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="yum">
@@ -178,90 +183,85 @@
             <cpe-lang:fact-ref name="cpe:/a:yum"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sssd">
+        <cpe-lang:platform id="aarch64_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="grub2">
+        <cpe-lang:platform id="chrony">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="wifi-iface">
+        <cpe-lang:platform id="libuser">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
+            <cpe-lang:fact-ref name="cpe:/a:libuser"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="aarch64_arch">
+        <cpe-lang:platform id="login_defs">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="non-uefi">
+        <cpe-lang:platform id="sssd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="chrony">
-          <cpe-lang:logical-test operator="AND" negate="false">
+        <cpe-lang:platform id="chrony_or_ntp">
+          <cpe-lang:logical-test operator="OR" negate="false">
             <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="postfix">
+        <cpe-lang:platform id="wifi-iface">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:postfix"/>
+            <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="uefi">
+        <cpe-lang:platform id="postfix">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:postfix"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="libuser">
+        <cpe-lang:platform id="zypper">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:libuser"/>
+            <cpe-lang:fact-ref name="cpe:/a:zypper"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sudo">
+        <cpe-lang:platform id="ntp">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="machine">
+        <cpe-lang:platform id="pam">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:machine"/>
+            <cpe-lang:fact-ref name="cpe:/a:pam"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="s390x_arch">
+        <cpe-lang:platform id="audit">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="chrony_or_ntp">
-          <cpe-lang:logical-test operator="OR" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+            <cpe-lang:fact-ref name="cpe:/a:audit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="login_defs">
+        <cpe-lang:platform id="gdm">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="systemd">
+        <cpe-lang:platform id="machine">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:systemd"/>
+            <cpe-lang:fact-ref name="cpe:/a:machine"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="ntp">
+        <cpe-lang:platform id="sudo">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="zypper">
+        <cpe-lang:platform id="s390x_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:zypper"/>
+            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="not_s390x_arch">
@@ -269,9 +269,9 @@
             <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="gdm">
+        <cpe-lang:platform id="non-uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
+            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
       </cpe-lang:platform-specification>
@@ -4875,11 +4875,6 @@
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
 </xccdf-1.2:fix>
-                  <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_aide_installed">
-[[packages]]
-name = "aide"
-version = "*"
-</xccdf-1.2:fix>
                   <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_aide
 
 class install_aide {
@@ -4888,6 +4883,11 @@
   }
 }
 </xccdf-1.2:fix>
+                  <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_aide_installed">
+[[packages]]
+name = "aide"
+version = "*"
+</xccdf-1.2:fix>
                   <xccdf-1.2:fix system="urn:xccdf:fix:script:ansible" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure aide is installed
   package:
     name: aide
@@ -8824,11 +8824,6 @@
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
 </xccdf-1.2:fix>
-              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_sudo_installed">
-[[packages]]
-name = "sudo"
-version = "*"
-</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_sudo_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_sudo
 
 class install_sudo {
@@ -8837,6 +8832,11 @@
   }
/usr/share/xml/scap/ssg/content/ssg-sle15-ds.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-sle15-ds.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-sle15-ds.xml	2022-07-15 00:00:00.000000000 +0000
@@ -165,14 +165,19 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.2:rear-matter>
       <cpe-lang:platform-specification>
-        <cpe-lang:platform id="audit">
+        <cpe-lang:platform id="uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:audit"/>
+            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="pam">
+        <cpe-lang:platform id="systemd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:pam"/>
+            <cpe-lang:fact-ref name="cpe:/a:systemd"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="grub2">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="yum">
@@ -180,90 +185,85 @@
             <cpe-lang:fact-ref name="cpe:/a:yum"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sssd">
+        <cpe-lang:platform id="aarch64_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="grub2">
+        <cpe-lang:platform id="chrony">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="wifi-iface">
+        <cpe-lang:platform id="libuser">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
+            <cpe-lang:fact-ref name="cpe:/a:libuser"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="aarch64_arch">
+        <cpe-lang:platform id="login_defs">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="non-uefi">
+        <cpe-lang:platform id="sssd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="chrony">
-          <cpe-lang:logical-test operator="AND" negate="false">
+        <cpe-lang:platform id="chrony_or_ntp">
+          <cpe-lang:logical-test operator="OR" negate="false">
             <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="postfix">
+        <cpe-lang:platform id="wifi-iface">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:postfix"/>
+            <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="uefi">
+        <cpe-lang:platform id="postfix">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:postfix"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="libuser">
+        <cpe-lang:platform id="zypper">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:libuser"/>
+            <cpe-lang:fact-ref name="cpe:/a:zypper"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sudo">
+        <cpe-lang:platform id="ntp">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="machine">
+        <cpe-lang:platform id="pam">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:machine"/>
+            <cpe-lang:fact-ref name="cpe:/a:pam"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="s390x_arch">
+        <cpe-lang:platform id="audit">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="chrony_or_ntp">
-          <cpe-lang:logical-test operator="OR" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+            <cpe-lang:fact-ref name="cpe:/a:audit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="login_defs">
+        <cpe-lang:platform id="gdm">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="systemd">
+        <cpe-lang:platform id="machine">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:systemd"/>
+            <cpe-lang:fact-ref name="cpe:/a:machine"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="ntp">
+        <cpe-lang:platform id="sudo">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="zypper">
+        <cpe-lang:platform id="s390x_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:zypper"/>
+            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="not_s390x_arch">
@@ -271,9 +271,9 @@
             <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="gdm">
+        <cpe-lang:platform id="non-uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
+            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
       </cpe-lang:platform-specification>
@@ -4877,11 +4877,6 @@
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
 </xccdf-1.2:fix>
-                  <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_aide_installed">
-[[packages]]
-name = "aide"
-version = "*"
-</xccdf-1.2:fix>
                   <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_aide
 
 class install_aide {
@@ -4890,6 +4885,11 @@
   }
 }
 </xccdf-1.2:fix>
+                  <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_aide_installed">
+[[packages]]
+name = "aide"
+version = "*"
+</xccdf-1.2:fix>
                   <xccdf-1.2:fix system="urn:xccdf:fix:script:ansible" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure aide is installed
   package:
     name: aide
@@ -8826,11 +8826,6 @@
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
 </xccdf-1.2:fix>
-              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_sudo_installed">
-[[packages]]
-name = "sudo"
-version = "*"
-</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_sudo_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_sudo
 
 class install_sudo {
@@ -8839,6 +8834,11 @@
   }
/usr/share/xml/scap/ssg/content/ssg-sle15-ocil.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-sle15-ocil.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-sle15-ocil.xml	2022-07-15 00:00:00.000000000 +0000
@@ -7,1054 +7,1054 @@
     <ocil:timestamp>2022-07-15T00:00:00</ocil:timestamp>
   </ocil:generator>
   <ocil:questionnaires>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_file_deletion_events_rename_ocil:questionnaire:1">
-      <ocil:title>Ensure auditd Collects File Deletion Events by User - rename</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sudo_remove_nopasswd_ocil:questionnaire:1">
+      <ocil:title>Ensure Users Re-Authenticate for Privilege Escalation - sudo NOPASSWD</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-audit_rules_file_deletion_events_rename_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sudo_remove_nopasswd_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_execution_chacl_ocil:questionnaire:1">
-      <ocil:title>Record Any Attempts to Run chacl</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sshd_disable_pubkey_auth_ocil:questionnaire:1">
+      <ocil:title>Disable PubkeyAuthentication Authentication</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-audit_rules_execution_chacl_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sshd_disable_pubkey_auth_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sysctl_net_ipv4_conf_all_accept_local_ocil:questionnaire:1">
-      <ocil:title>Disable Accepting Packets Routed Between Local Interfaces</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-mount_option_var_tmp_noexec_ocil:questionnaire:1">
+      <ocil:title>Add noexec Option to /var/tmp</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_accept_local_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-mount_option_var_tmp_noexec_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-auditd_data_disk_error_action_ocil:questionnaire:1">
-      <ocil:title>Configure auditd Disk Error Action on Disk Error</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-package_sudo_installed_ocil:questionnaire:1">
+      <ocil:title>Install sudo Package</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-auditd_data_disk_error_action_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-package_sudo_installed_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-require_emergency_target_auth_ocil:questionnaire:1">
-      <ocil:title>Require Authentication for Emergency Systemd Target</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-accounts_password_all_shadowed_ocil:questionnaire:1">
+      <ocil:title>Verify All Account Password Hashes are Shadowed</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-require_emergency_target_auth_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-accounts_password_all_shadowed_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-mount_option_var_tmp_noexec_ocil:questionnaire:1">
-      <ocil:title>Add noexec Option to /var/tmp</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-kernel_config_unmap_kernel_at_el0_ocil:questionnaire:1">
+      <ocil:title>Unmap kernel when running in userspace (aka KAISER)</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-mount_option_var_tmp_noexec_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-kernel_config_unmap_kernel_at_el0_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-libreswan_approved_tunnels_ocil:questionnaire:1">
-      <ocil:title>Verify Any Configured IPSec Tunnel Connections</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-audit_rules_enable_syscall_auditing_ocil:questionnaire:1">
+      <ocil:title>Remove Default Configuration to Disable Syscall Auditing</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-libreswan_approved_tunnels_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-audit_rules_enable_syscall_auditing_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sysctl_net_ipv4_conf_all_accept_source_route_ocil:questionnaire:1">
-      <ocil:title>Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-package_samba_removed_ocil:questionnaire:1">
+      <ocil:title>Uninstall Samba Package</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_accept_source_route_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-package_samba_removed_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-directory_access_var_log_audit_ocil:questionnaire:1">
-      <ocil:title>Record Access Events to Audit Log Directory</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-kernel_config_module_sig_force_ocil:questionnaire:1">
+      <ocil:title>Require modules to be validly signed</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-directory_access_var_log_audit_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-kernel_config_module_sig_force_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-auditd_data_retention_action_mail_acct_ocil:questionnaire:1">
-      <ocil:title>Configure auditd mail_acct Action on Low Disk Space</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-require_singleuser_auth_ocil:questionnaire:1">
+      <ocil:title>Require Authentication for Single User Mode</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-auditd_data_retention_action_mail_acct_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-require_singleuser_auth_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-auditd_data_retention_space_left_ocil:questionnaire:1">
-      <ocil:title>Configure auditd space_left on Low Disk Space</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sudo_restrict_privilege_elevation_to_authorized_ocil:questionnaire:1">
+      <ocil:title>The operating system must restrict privilege elevation to authorized personnel</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-auditd_data_retention_space_left_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sudo_restrict_privilege_elevation_to_authorized_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-rsyslog_encrypt_offload_actionsendstreamdriverauthmode_ocil:questionnaire:1">
-      <ocil:title>Ensure Rsyslog Authenticates Off-Loaded Audit Records</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-file_permissions_sshd_private_key_ocil:questionnaire:1">
+      <ocil:title>Verify Permissions on SSH Server Private *_key Key Files</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-rsyslog_encrypt_offload_actionsendstreamdriverauthmode_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-file_permissions_sshd_private_key_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-file_owner_etc_group_ocil:questionnaire:1">
-      <ocil:title>Verify User Who Owns group File</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-harden_ssh_client_crypto_policy_ocil:questionnaire:1">
+      <ocil:title>Harden SSH client Crypto Policy</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-file_owner_etc_group_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-harden_ssh_client_crypto_policy_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-no_password_auth_for_systemaccounts_ocil:questionnaire:1">
-      <ocil:title>Ensure that System Accounts Are Locked</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-package_squid_removed_ocil:questionnaire:1">
+      <ocil:title>Uninstall squid Package</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-no_password_auth_for_systemaccounts_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-package_squid_removed_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_privileged_commands_unix_chkpwd_ocil:questionnaire:1">
-      <ocil:title>Ensure auditd Collects Information on the Use of Privileged Commands - unix_chkpwd</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-accounts_no_uid_except_zero_ocil:questionnaire:1">
+      <ocil:title>Verify Only Root Has UID 0</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-audit_rules_privileged_commands_unix_chkpwd_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-accounts_no_uid_except_zero_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-file_permissions_backup_etc_passwd_ocil:questionnaire:1">
-      <ocil:title>Verify Permissions on Backup passwd File</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-coreos_enable_selinux_kernel_argument_ocil:questionnaire:1">
+      <ocil:title>Ensure SELinux Not Disabled in the kernel arguments</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-file_permissions_backup_etc_passwd_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-coreos_enable_selinux_kernel_argument_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_mac_modification_ocil:questionnaire:1">
-      <ocil:title>Record Events that Modify the System's Mandatory Access Controls</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-auditd_audispd_encrypt_sent_records_ocil:questionnaire:1">
+      <ocil:title>Encrypt Audit Records Sent With audispd Plugin</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-audit_rules_mac_modification_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-auditd_audispd_encrypt_sent_records_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-set_password_hashing_algorithm_logindefs_ocil:questionnaire:1">
-      <ocil:title>Set Password Hashing Algorithm in /etc/login.defs</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-file_groupowner_sshd_config_ocil:questionnaire:1">
+      <ocil:title>Verify Group Who Owns SSH Server config file</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-set_password_hashing_algorithm_logindefs_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-file_groupowner_sshd_config_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sshd_disable_compression_ocil:questionnaire:1">
-      <ocil:title>Disable Compression Or Set Compression to delayed</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sshd_use_approved_ciphers_ordered_stig_ocil:questionnaire:1">
+      <ocil:title>Use Only FIPS 140-2 Validated Ciphers</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sshd_disable_compression_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sshd_use_approved_ciphers_ordered_stig_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-file_owner_var_log_ocil:questionnaire:1">
-      <ocil:title>Verify User Who Owns /var/log Directory</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-dconf_db_up_to_date_ocil:questionnaire:1">
+      <ocil:title>Make sure that the dconf databases are up-to-date with regards to respective keyfiles</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-file_owner_var_log_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-dconf_db_up_to_date_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-kernel_config_module_sig_sha512_ocil:questionnaire:1">
-      <ocil:title>Sign kernel modules with SHA-512</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-audit_rules_kernel_module_loading_delete_ocil:questionnaire:1">
+      <ocil:title>Ensure auditd Collects Information on Kernel Module Unloading - delete_module</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-kernel_config_module_sig_sha512_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-audit_rules_kernel_module_loading_delete_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-package_strongswan_installed_ocil:questionnaire:1">
-      <ocil:title>Install strongswan Package</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-audit_rules_dac_modification_fchownat_ocil:questionnaire:1">
+      <ocil:title>Record Events that Modify the System's Discretionary Access Controls - fchownat</ocil:title>
       <ocil:actions>
/usr/share/xml/scap/ssg/content/ssg-sle15-xccdf.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-sle15-xccdf.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-sle15-xccdf.xml	2022-07-15 00:00:00.000000000 +0000
@@ -43,14 +43,19 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.1:rear-matter>
   <cpe-lang:platform-specification>
-    <cpe-lang:platform id="audit">
+    <cpe-lang:platform id="uefi">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:audit"/>
+        <cpe-lang:fact-ref name="cpe:/a:uefi"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="pam">
+    <cpe-lang:platform id="systemd">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:pam"/>
+        <cpe-lang:fact-ref name="cpe:/a:systemd"/>
+      </cpe-lang:logical-test>
+    </cpe-lang:platform>
+    <cpe-lang:platform id="grub2">
+      <cpe-lang:logical-test operator="AND" negate="false">
+        <cpe-lang:fact-ref name="cpe:/a:grub2"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="yum">
@@ -58,90 +63,85 @@
         <cpe-lang:fact-ref name="cpe:/a:yum"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="sssd">
+    <cpe-lang:platform id="aarch64_arch">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+        <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="grub2">
+    <cpe-lang:platform id="chrony">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:grub2"/>
+        <cpe-lang:fact-ref name="cpe:/a:chrony"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="wifi-iface">
+    <cpe-lang:platform id="libuser">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
+        <cpe-lang:fact-ref name="cpe:/a:libuser"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="aarch64_arch">
+    <cpe-lang:platform id="login_defs">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
+        <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="non-uefi">
+    <cpe-lang:platform id="sssd">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+        <cpe-lang:fact-ref name="cpe:/a:sssd"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="chrony">
-      <cpe-lang:logical-test operator="AND" negate="false">
+    <cpe-lang:platform id="chrony_or_ntp">
+      <cpe-lang:logical-test operator="OR" negate="false">
         <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+        <cpe-lang:fact-ref name="cpe:/a:ntp"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="postfix">
+    <cpe-lang:platform id="wifi-iface">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:postfix"/>
+        <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="uefi">
+    <cpe-lang:platform id="postfix">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+        <cpe-lang:fact-ref name="cpe:/a:postfix"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="libuser">
+    <cpe-lang:platform id="zypper">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:libuser"/>
+        <cpe-lang:fact-ref name="cpe:/a:zypper"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="sudo">
+    <cpe-lang:platform id="ntp">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+        <cpe-lang:fact-ref name="cpe:/a:ntp"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="machine">
+    <cpe-lang:platform id="pam">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:machine"/>
+        <cpe-lang:fact-ref name="cpe:/a:pam"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="s390x_arch">
+    <cpe-lang:platform id="audit">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
-      </cpe-lang:logical-test>
-    </cpe-lang:platform>
-    <cpe-lang:platform id="chrony_or_ntp">
-      <cpe-lang:logical-test operator="OR" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:chrony"/>
-        <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+        <cpe-lang:fact-ref name="cpe:/a:audit"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="login_defs">
+    <cpe-lang:platform id="gdm">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+        <cpe-lang:fact-ref name="cpe:/a:gdm"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="systemd">
+    <cpe-lang:platform id="machine">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:systemd"/>
+        <cpe-lang:fact-ref name="cpe:/a:machine"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="ntp">
+    <cpe-lang:platform id="sudo">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+        <cpe-lang:fact-ref name="cpe:/a:sudo"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="zypper">
+    <cpe-lang:platform id="s390x_arch">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:zypper"/>
+        <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="not_s390x_arch">
@@ -149,9 +149,9 @@
         <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="gdm">
+    <cpe-lang:platform id="non-uefi">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:gdm"/>
+        <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
   </cpe-lang:platform-specification>
@@ -4755,11 +4755,6 @@
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
 </xccdf-1.1:fix>
-              <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_aide_installed">
-[[packages]]
-name = "aide"
-version = "*"
-</xccdf-1.1:fix>
               <xccdf-1.1:fix system="urn:xccdf:fix:script:puppet" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_aide
 
 class install_aide {
@@ -4768,6 +4763,11 @@
   }
 }
 </xccdf-1.1:fix>
+              <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_aide_installed">
+[[packages]]
+name = "aide"
+version = "*"
+</xccdf-1.1:fix>
               <xccdf-1.1:fix system="urn:xccdf:fix:script:ansible" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure aide is installed
   package:
     name: aide
@@ -8704,11 +8704,6 @@
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
 </xccdf-1.1:fix>
-          <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_sudo_installed">
-[[packages]]
-name = "sudo"
-version = "*"
-</xccdf-1.1:fix>
           <xccdf-1.1:fix system="urn:xccdf:fix:script:puppet" id="package_sudo_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_sudo
 
 class install_sudo {
@@ -8717,6 +8712,11 @@
   }
RPMS.2017/scap-security-guide-debian-0.1.62-0.0.noarch.rpm RPMS/scap-security-guide-debian-0.1.62-0.0.noarch.rpm differ: byte 225, line 1
Comparing scap-security-guide-debian-0.1.62-0.0.noarch.rpm to scap-security-guide-debian-0.1.62-0.0.noarch.rpm
comparing the rpm tags of scap-security-guide-debian
--- old-rpm-tags
+++ new-rpm-tags
@@ -166,4 +166,4 @@
-/usr/share/doc/scap-security-guide/guides/ssg-debian10-guide-anssi_np_nt28_average.html b775c963e90cb6872dd58443d8876381816154ded801e45ee476fb35030ebfbc 2
-/usr/share/doc/scap-security-guide/guides/ssg-debian10-guide-anssi_np_nt28_high.html d20b3d1b95f3d5c32aa125b0e6fbe40e5ba80598bc0bc9d89720d59bff515ea9 2
-/usr/share/doc/scap-security-guide/guides/ssg-debian10-guide-anssi_np_nt28_minimal.html 94cd018e92cbbe06a7f8570b996402a80e1dca6b9a1ed76b3047fc75e7ac06ba 2
-/usr/share/doc/scap-security-guide/guides/ssg-debian10-guide-anssi_np_nt28_restrictive.html 482008cfb9f6b9ab109b95c6d3eb9c5c16e9859821debf26a4db4a18f1c05586 2
+/usr/share/doc/scap-security-guide/guides/ssg-debian10-guide-anssi_np_nt28_average.html a1f3cc5189e3573c63ea75467dda8c04a1c05b771a852ac872bfa203485de436 2
+/usr/share/doc/scap-security-guide/guides/ssg-debian10-guide-anssi_np_nt28_high.html ad8e34d26ec3922a1b7548e749f6bf06354a2c630491192d67784b2560361cdf 2
+/usr/share/doc/scap-security-guide/guides/ssg-debian10-guide-anssi_np_nt28_minimal.html f2a1d208d897630b6e752432524e6140b358cd625245479f28fcde782af3bac9 2
+/usr/share/doc/scap-security-guide/guides/ssg-debian10-guide-anssi_np_nt28_restrictive.html 6cb47a229cf6366ac125b92034a8411453445ae2bfab2fa464bfd41af0adc879 2
@@ -171,5 +171,5 @@
-/usr/share/doc/scap-security-guide/guides/ssg-debian10-guide-standard.html b40201faa605f8e7e7efc0c42300712c9bd7305d99f956eb9faef18ccbded7fc 2
-/usr/share/doc/scap-security-guide/guides/ssg-debian11-guide-anssi_np_nt28_average.html a61ad079547fcedd3d1ffc295963a32eaf0d882d263b5a3cb65a98ecdcfcb16b 2
-/usr/share/doc/scap-security-guide/guides/ssg-debian11-guide-anssi_np_nt28_high.html ba38c1d23a57fd4e88ee8ae7f0148f7c3219e30683b70232f40ce8827314810b 2
-/usr/share/doc/scap-security-guide/guides/ssg-debian11-guide-anssi_np_nt28_minimal.html 08b5aba92833c92d31db5a4036486dc2e595c654755c5c1a1649374640cb26ae 2
-/usr/share/doc/scap-security-guide/guides/ssg-debian11-guide-anssi_np_nt28_restrictive.html 795642a60220eeef26e91c127417b944af301ad5c9f5c33eebad3022f1b3382a 2
+/usr/share/doc/scap-security-guide/guides/ssg-debian10-guide-standard.html d24ca16d949361de74c8be4f6dc9774d0231ac0fedd3992169f9635769e11e81 2
+/usr/share/doc/scap-security-guide/guides/ssg-debian11-guide-anssi_np_nt28_average.html d38bca09108c7c3eeba289726539148e6965cb729004db03536f02f7c46e9d5d 2
+/usr/share/doc/scap-security-guide/guides/ssg-debian11-guide-anssi_np_nt28_high.html bcc89f3a66ab19655fce342eea1c9c36966849cb346a1fde01b0074492cba547 2
+/usr/share/doc/scap-security-guide/guides/ssg-debian11-guide-anssi_np_nt28_minimal.html 8d3f4272a3e1216474ce4b93295830d95eb24333c64917fd2575da152a41ab70 2
+/usr/share/doc/scap-security-guide/guides/ssg-debian11-guide-anssi_np_nt28_restrictive.html f9ec9c6175ce6671583f1b72c11bc6609ba4a74fa0834299d7685c5e30816b18 2
@@ -177,5 +177,5 @@
-/usr/share/doc/scap-security-guide/guides/ssg-debian11-guide-standard.html 5e3c7dd6333e42e25d18bbf86ac106ff2539262b504994dda64161f1f1764887 2
-/usr/share/doc/scap-security-guide/guides/ssg-debian9-guide-anssi_np_nt28_average.html 15ca7e5983427da5238d9b028ba53089fa41332773069571bc427af4fb283f07 2
-/usr/share/doc/scap-security-guide/guides/ssg-debian9-guide-anssi_np_nt28_high.html d29ef7bb444f265eef738471e2562bbafc39d22c399251f2da91b1669196d0e9 2
-/usr/share/doc/scap-security-guide/guides/ssg-debian9-guide-anssi_np_nt28_minimal.html 6e03993bc7a9848c3a15f088221c6a22ff48f73cf14453645042ff544cc7a167 2
-/usr/share/doc/scap-security-guide/guides/ssg-debian9-guide-anssi_np_nt28_restrictive.html e800d30d839b81dec2cb524a58d006eae3d4d6ead25c9375efe8c1101ed1524a 2
+/usr/share/doc/scap-security-guide/guides/ssg-debian11-guide-standard.html 462a7acb9f2eee25a2940476c673b4d645798ccbe897ef0f817ab6f4c0fcec7e 2
+/usr/share/doc/scap-security-guide/guides/ssg-debian9-guide-anssi_np_nt28_average.html 6cf7108528f8f38af18f07862bd164000ea33f52d6f005746cb88d83f3a7ccf4 2
+/usr/share/doc/scap-security-guide/guides/ssg-debian9-guide-anssi_np_nt28_high.html cbe495c8cc6d3d187af20ac23c48902d64672e0cad667f81db9493ca07b9b12a 2
+/usr/share/doc/scap-security-guide/guides/ssg-debian9-guide-anssi_np_nt28_minimal.html f39014d27a21be742ad856872c50f29894764fedbee02d5799c317e08312598a 2
+/usr/share/doc/scap-security-guide/guides/ssg-debian9-guide-anssi_np_nt28_restrictive.html 379da47a1d74a91afccf6ba71ae497c2a0c66fda7e063bca47634042be8a41f3 2
@@ -183 +183 @@
-/usr/share/doc/scap-security-guide/guides/ssg-debian9-guide-standard.html d373b2da310b4d774f9337ba1aafd6efa372a22a1325ea889577aa78635a4a86 2
+/usr/share/doc/scap-security-guide/guides/ssg-debian9-guide-standard.html 0a1f27f37cfb02a4f0286add9c3b0f94ba4294dedd176146d288606d3ad1aebc 2
@@ -226,3 +226,3 @@
-/usr/share/xml/scap/ssg/content/ssg-debian10-ds-1.2.xml cf7d5d851c13a9a8eac15decb34208e92c03bac0676f46f0d0ff4d04f61fbfcb 0
-/usr/share/xml/scap/ssg/content/ssg-debian10-ds.xml a86697560c680c32222460c66e4fb828b7d31048878bff60a36e937daeea0cff 0
-/usr/share/xml/scap/ssg/content/ssg-debian10-ocil.xml d21c264512eb857c7aeb652948829e4a1ddd26b9df7aac88cfe9098681a857b2 0
+/usr/share/xml/scap/ssg/content/ssg-debian10-ds-1.2.xml 4bfe147044c66c8acfdc4df952841685622adcb3a755739676c6d9e5aa6163b6 0
+/usr/share/xml/scap/ssg/content/ssg-debian10-ds.xml dcdb78ec59fc591f6ab6516dc6fcd78b239f697aae6822781054ba9efcbd3b46 0
+/usr/share/xml/scap/ssg/content/ssg-debian10-ocil.xml 6f767bbe2ae685182279bcc6868a30e897a9f9b6f4346bc4b44354e93ce88d73 0
@@ -230 +230 @@
-/usr/share/xml/scap/ssg/content/ssg-debian10-xccdf.xml 0a87a329d3617784cb9072c83dc4ee201cc37a00126fb5bd9ba0c8c7fd529f75 0
+/usr/share/xml/scap/ssg/content/ssg-debian10-xccdf.xml e8418409635243928b3d99df6d309753bfa5a0c96cf1370b16ae6b1120fe85e2 0
@@ -233,3 +233,3 @@
-/usr/share/xml/scap/ssg/content/ssg-debian11-ds-1.2.xml b9a584cee9dac571f200238db75837489b5d339afaa8c67c99a423bbb55cb0e1 0
-/usr/share/xml/scap/ssg/content/ssg-debian11-ds.xml c4de384910972a31eb778859965f71deecb2c56d943388d53d8c02e082b9157c 0
-/usr/share/xml/scap/ssg/content/ssg-debian11-ocil.xml a35b60d8ff2026ef51aaf1280e050a6bba4eb0c0fbc0119734a651281dbb7a61 0
+/usr/share/xml/scap/ssg/content/ssg-debian11-ds-1.2.xml f9103a647dfebed665900ba99cd1b2dbecb40c10a86f7f4f1d8d70df03491c20 0
+/usr/share/xml/scap/ssg/content/ssg-debian11-ds.xml 5376243baa0a9bb5faf284b78ea9f73a546426aada6dc084e542a12e6adda773 0
+/usr/share/xml/scap/ssg/content/ssg-debian11-ocil.xml 7230ef5845431a6843c8963437700e3147ba5ea1fcc56c7bd97da822f169ac8e 0
@@ -237 +237 @@
-/usr/share/xml/scap/ssg/content/ssg-debian11-xccdf.xml 86eda0d1d6035c2dc8c29541e2ac6cf711c60c9c685524f89af632af30e9dd98 0
+/usr/share/xml/scap/ssg/content/ssg-debian11-xccdf.xml 4df00d0795f7b6aa25a3f6f656fa44f196bf2598b6f4aa021236d614c4c1e515 0
@@ -240,3 +240,3 @@
-/usr/share/xml/scap/ssg/content/ssg-debian9-ds-1.2.xml 0c9b0f69e0716608c4470fd24239ac3129f59d064b8a6a68b98a1a402d656f29 0
-/usr/share/xml/scap/ssg/content/ssg-debian9-ds.xml ff0e9d3579493236b06e0e737052919593b70ae6f7dc412df8a621109db98920 0
-/usr/share/xml/scap/ssg/content/ssg-debian9-ocil.xml 5fdc1df72f1358ffeae7973ae708a1b4387e65dc17f0ecb25df786decf41c612 0
+/usr/share/xml/scap/ssg/content/ssg-debian9-ds-1.2.xml 16ff314c8695fc4dd3508a0e51d4ef2fa2d1468a2d4de493bfff27e033e5aa51 0
+/usr/share/xml/scap/ssg/content/ssg-debian9-ds.xml 88c371c98bb42dc8fea9ea489d00d9630cd9ccfa6d2534d0e940b76a461604bb 0
+/usr/share/xml/scap/ssg/content/ssg-debian9-ocil.xml 386a832038309e43eb3dfd277708511bbc321314398a6d36aaf66fd8eb445853 0
@@ -244 +244 @@
-/usr/share/xml/scap/ssg/content/ssg-debian9-xccdf.xml 2ff69276fab3efd8755c0c4b4264cecb0ae121c7f5f58c50032ad7596068dfb5 0
+/usr/share/xml/scap/ssg/content/ssg-debian9-xccdf.xml 22e14b97f8b74304b71f432412be5598e2e3f049f0bdf1dd5b3282ba8856c6cf 0
comparing rpmtags
comparing RELEASE
comparing PROVIDES
comparing scripts
comparing filelist
comparing file checksum
creating rename script
RPM file checksum differs.
Extracting packages
/usr/share/doc/scap-security-guide/guides/ssg-debian10-guide-anssi_np_nt28_average.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-debian10-guide-anssi_np_nt28_average.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-debian10-guide-anssi_np_nt28_average.html	2022-07-15 00:00:00.000000000 +0000
@@ -483,17 +483,17 @@
 <pre>
 $ apt-get install syslog-ng-core</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The syslog-ng-core package provides the syslog-ng daemon, which provides
 system logging services.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_syslogng_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R46)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id24" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id24"><pre><code>
-[[packages]]
-name = "syslog-ng"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id25"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_syslog-ng
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R46)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id24" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id24"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_syslog-ng
 
 class install_syslog-ng {
   package { 'syslog-ng':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id25"><pre><code>
+[[packages]]
+name = "syslog-ng"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure syslog-ng is installed
   package:
     name: syslog-ng
@@ -514,10 +514,7 @@
 The <code>syslog-ng</code> service can be enabled with the following command:
 <pre>$ sudo systemctl enable syslog-ng.service</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The <code>syslog-ng</code> service must be running in order to provide
 logging services, which are essential to system administration.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_syslogng_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R46)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001557</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001851</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-4(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id28" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id28"><pre><code>
-[customizations.services]
-enabled = ["syslog-ng"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id29" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id29"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_syslog-ng
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R46)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001557</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001851</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-4(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id28" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id28"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_syslog-ng
 
 class enable_syslog-ng {
   service {'syslog-ng':
@@ -525,6 +522,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id29" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id29"><pre><code>
+[customizations.services]
+enabled = ["syslog-ng"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id30" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id30"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service syslog-ng
   block:
 
@@ -554,17 +554,17 @@
                                 Ensure rsyslog is Installed
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_package_rsyslog_installed">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">Rsyslog is installed by default. The <code>rsyslog</code> package can be installed with the following command: <pre> $ apt-get install rsyslog</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The rsyslog package provides the rsyslog daemon, which provides
 system logging services.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_rsyslog_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FTP_ITC_EXT.1.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000479-GPOS-00224</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id32" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id32"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id33" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id33"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FTP_ITC_EXT.1.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000479-GPOS-00224</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id32" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id32"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id33" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id33"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id34" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id34"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
@@ -585,10 +585,7 @@
 The <code>rsyslog</code> service can be enabled with the following command:
 <pre>$ sudo systemctl enable rsyslog.service</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The <code>rsyslog</code> service must be running in order to provide
 logging services, which are essential to system administration.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_rsyslog_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001557</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001851</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-4(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id36" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id36"><pre><code>
-[customizations.services]
-enabled = ["rsyslog"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id37" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id37"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001557</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001851</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-4(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id36" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id36"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
 
 class enable_rsyslog {
   service {'rsyslog':
@@ -596,6 +593,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id37" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id37"><pre><code>
+[customizations.services]
+enabled = ["rsyslog"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id38" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id38"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service rsyslog
   block:
 
@@ -1697,17 +1697,17 @@
 information on the capabilities and configuration of each of the NTP daemons.</div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_package_ntp_installed" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_package_ntp_installed" id="guide-tree-leaf-id106" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_ntp"><td style="padding-left: 57px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_package_ntp_installed"><span class="label label-default">Rule</span>  
                                 Install the ntp service
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_package_ntp_installed">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">The ntpd service should be installed.</div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">Time synchronization (using NTP) is required by almost all network and administrative tasks (syslog, cryptographic based services (authentication, etc.), etc.). Ntpd is regulary maintained and updated, supporting security features such as RFC 5906.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_ntp_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT012(R03)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000160</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id107" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id107"><pre><code>
-[[packages]]
-name = "ntp"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id108" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id108"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_ntp
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT012(R03)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000160</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id107" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id107"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_ntp
 
 class install_ntp {
   package { 'ntp':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id108" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id108"><pre><code>
+[[packages]]
+name = "ntp"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id109" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id109"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure ntp is installed
   package:
     name: ntp
/usr/share/doc/scap-security-guide/guides/ssg-debian10-guide-anssi_np_nt28_high.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-debian10-guide-anssi_np_nt28_high.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-debian10-guide-anssi_np_nt28_high.html	2022-07-15 00:00:00.000000000 +0000
@@ -354,17 +354,17 @@
 </li></ul></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_package_audit_installed" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_package_audit_installed" id="guide-tree-leaf-id17" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_auditing"><td style="padding-left: 57px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_package_audit_installed"><span class="label label-default">Rule</span>  
                                 Ensure the audit Subsystem is Installed
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_package_audit_installed">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">The audit package should be installed.</div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The auditd service is an access monitoring and accounting daemon, watching system calls to audit any access, in comparison with potential local access control policy such as SELinux policy.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_audit_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R50)</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001875</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001877</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001878</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001879</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001880</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001881</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001882</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001889</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001914</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-7(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-7(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id18" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id18"><pre><code>
-[[packages]]
-name = "auditd"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_auditd
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R50)</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001875</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001877</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001878</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001879</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001880</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001881</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001882</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001889</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001914</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-7(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-7(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id18" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id18"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_auditd
 
 class install_auditd {
   package { 'auditd':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><pre><code>
+[[packages]]
+name = "auditd"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure auditd is installed
   package:
     name: auditd
@@ -399,10 +399,7 @@
 Additionally, a properly configured audit subsystem ensures that actions of
 individual system users can be uniquely traced to those users so they
 can be held accountable for their actions.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_auditd_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000131</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000132</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000133</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000134</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000154</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000158</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001464</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001876</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(g)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-4(23)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a>, <a href="">SRG-OS-000037-VMM-000150</a>, <a href="">SRG-OS-000063-VMM-000310</a>, <a href="">SRG-OS-000038-VMM-000160</a>, <a href="">SRG-OS-000039-VMM-000170</a>, <a href="">SRG-OS-000040-VMM-000180</a>, <a href="">SRG-OS-000041-VMM-000190</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><pre><code>
-[customizations.services]
-enabled = ["auditd"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id23" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id23"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000131</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000132</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000133</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000134</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000154</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000158</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001464</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001876</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(g)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-4(23)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a>, <a href="">SRG-OS-000037-VMM-000150</a>, <a href="">SRG-OS-000063-VMM-000310</a>, <a href="">SRG-OS-000038-VMM-000160</a>, <a href="">SRG-OS-000039-VMM-000170</a>, <a href="">SRG-OS-000040-VMM-000180</a>, <a href="">SRG-OS-000041-VMM-000190</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
 
 class enable_auditd {
   service {'auditd':
@@ -410,6 +407,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id23" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id23"><pre><code>
+[customizations.services]
+enabled = ["auditd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id24" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id24"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
@@ -706,17 +706,17 @@
 <pre>
 $ apt-get install syslog-ng-core</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The syslog-ng-core package provides the syslog-ng daemon, which provides
 system logging services.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_syslogng_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R46)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id33" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id33"><pre><code>
-[[packages]]
-name = "syslog-ng"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id34" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id34"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_syslog-ng
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R46)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id33" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id33"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_syslog-ng
 
 class install_syslog-ng {
   package { 'syslog-ng':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id34" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id34"><pre><code>
+[[packages]]
+name = "syslog-ng"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id35" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id35"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure syslog-ng is installed
   package:
     name: syslog-ng
@@ -737,10 +737,7 @@
 The <code>syslog-ng</code> service can be enabled with the following command:
 <pre>$ sudo systemctl enable syslog-ng.service</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The <code>syslog-ng</code> service must be running in order to provide
 logging services, which are essential to system administration.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_syslogng_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R46)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001557</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001851</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-4(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id37" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id37"><pre><code>
-[customizations.services]
-enabled = ["syslog-ng"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id38" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id38"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_syslog-ng
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R46)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001557</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001851</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-4(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id37" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id37"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_syslog-ng
 
 class enable_syslog-ng {
   service {'syslog-ng':
@@ -748,6 +745,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id38" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id38"><pre><code>
+[customizations.services]
+enabled = ["syslog-ng"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id39" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id39"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service syslog-ng
   block:
 
@@ -777,17 +777,17 @@
                                 Ensure rsyslog is Installed
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_package_rsyslog_installed">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">Rsyslog is installed by default. The <code>rsyslog</code> package can be installed with the following command: <pre> $ apt-get install rsyslog</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The rsyslog package provides the rsyslog daemon, which provides
 system logging services.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_rsyslog_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FTP_ITC_EXT.1.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000479-GPOS-00224</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id41" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id41"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id42" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id42"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FTP_ITC_EXT.1.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000479-GPOS-00224</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id41" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id41"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id42" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id42"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id43" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id43"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
@@ -808,10 +808,7 @@
 The <code>rsyslog</code> service can be enabled with the following command:
 <pre>$ sudo systemctl enable rsyslog.service</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The <code>rsyslog</code> service must be running in order to provide
 logging services, which are essential to system administration.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_rsyslog_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001557</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001851</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-4(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id45" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id45"><pre><code>
-[customizations.services]
-enabled = ["rsyslog"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id46" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id46"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001557</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001851</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-4(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id45" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id45"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
 
 class enable_rsyslog {
   service {'rsyslog':
@@ -819,6 +816,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id46" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id46"><pre><code>
+[customizations.services]
+enabled = ["rsyslog"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id47" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id47"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service rsyslog
   block:
 
@@ -1704,17 +1704,17 @@
 configured defensively.</div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_package_cron_installed" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_package_cron_installed" id="guide-tree-leaf-id95" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_cron_and_at"><td style="padding-left: 57px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_package_cron_installed"><span class="label label-default">Rule</span>  
                                 Install the cron service
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_package_cron_installed">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">The Cron service should be installed.</div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The cron service allow periodic job execution, needed for almost all administrative tasks and services (software update, log rotating, etc.). Access to cron service should be restricted to administrative accounts only.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_cron_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R50)</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id96" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id96"><pre><code>
-[[packages]]
-name = "cron"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id97" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id97"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_cron
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R50)</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id96" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id96"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_cron
 
 class install_cron {
   package { 'cron':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id97" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id97"><pre><code>
+[[packages]]
+name = "cron"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id98" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id98"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure cron is installed
   package:
     name: cron
@@ -1954,17 +1954,17 @@
 information on the capabilities and configuration of each of the NTP daemons.</div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_package_ntp_installed" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_package_ntp_installed" id="guide-tree-leaf-id119" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_ntp"><td style="padding-left: 57px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_package_ntp_installed"><span class="label label-default">Rule</span>  
                                 Install the ntp service
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_package_ntp_installed">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">The ntpd service should be installed.</div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">Time synchronization (using NTP) is required by almost all network and administrative tasks (syslog, cryptographic based services (authentication, etc.), etc.). Ntpd is regulary maintained and updated, supporting security features such as RFC 5906.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_ntp_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT012(R03)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000160</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id120" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id120"><pre><code>
-[[packages]]
-name = "ntp"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id121" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id121"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_ntp
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT012(R03)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000160</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id120" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id120"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_ntp
 
 class install_ntp {
   package { 'ntp':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id121" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id121"><pre><code>
+[[packages]]
+name = "ntp"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id122" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id122"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure ntp is installed
   package:
     name: ntp
@@ -1993,10 +1993,7 @@
 <br><br>
 The NTP daemon offers all of the functionality of <code>ntpdate</code>, which is now
 deprecated.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_ntp_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT012(R03)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000160</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-8(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id124" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id124"><pre><code>
-[customizations.services]
-enabled = ["ntp"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id125" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id125"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_ntp
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT012(R03)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000160</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-8(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id124" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id124"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_ntp
 
 class enable_ntp {
   service {'ntp':
@@ -2004,6 +2001,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id125" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id125"><pre><code>
/usr/share/doc/scap-security-guide/guides/ssg-debian10-guide-anssi_np_nt28_minimal.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-debian10-guide-anssi_np_nt28_minimal.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-debian10-guide-anssi_np_nt28_minimal.html	2022-07-15 00:00:00.000000000 +0000
@@ -237,17 +237,17 @@
 <pre>
 $ apt-get install syslog-ng-core</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The syslog-ng-core package provides the syslog-ng daemon, which provides
 system logging services.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_syslogng_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R46)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id13" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id13"><pre><code>
-[[packages]]
-name = "syslog-ng"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id14" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id14"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_syslog-ng
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R46)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id13" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id13"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_syslog-ng
 
 class install_syslog-ng {
   package { 'syslog-ng':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id14" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id14"><pre><code>
+[[packages]]
+name = "syslog-ng"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id15" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id15"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure syslog-ng is installed
   package:
     name: syslog-ng
@@ -268,10 +268,7 @@
 The <code>syslog-ng</code> service can be enabled with the following command:
 <pre>$ sudo systemctl enable syslog-ng.service</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The <code>syslog-ng</code> service must be running in order to provide
 logging services, which are essential to system administration.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_syslogng_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R46)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001557</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001851</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-4(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id17" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id17"><pre><code>
-[customizations.services]
-enabled = ["syslog-ng"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id18" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id18"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_syslog-ng
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R46)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001557</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001851</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-4(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id17" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id17"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_syslog-ng
 
 class enable_syslog-ng {
   service {'syslog-ng':
@@ -279,6 +276,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id18" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id18"><pre><code>
+[customizations.services]
+enabled = ["syslog-ng"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service syslog-ng
   block:
 
@@ -308,17 +308,17 @@
                                 Ensure rsyslog is Installed
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_package_rsyslog_installed">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">Rsyslog is installed by default. The <code>rsyslog</code> package can be installed with the following command: <pre> $ apt-get install rsyslog</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The rsyslog package provides the rsyslog daemon, which provides
 system logging services.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_rsyslog_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FTP_ITC_EXT.1.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000479-GPOS-00224</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id21" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id21"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FTP_ITC_EXT.1.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000479-GPOS-00224</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id21" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id21"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id23" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id23"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
@@ -339,10 +339,7 @@
 The <code>rsyslog</code> service can be enabled with the following command:
 <pre>$ sudo systemctl enable rsyslog.service</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The <code>rsyslog</code> service must be running in order to provide
 logging services, which are essential to system administration.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_rsyslog_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001557</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001851</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-4(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id25"><pre><code>
-[customizations.services]
-enabled = ["rsyslog"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001557</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001851</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-4(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id25"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
 
 class enable_rsyslog {
   service {'rsyslog':
@@ -350,6 +347,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><pre><code>
+[customizations.services]
+enabled = ["rsyslog"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id27" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id27"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service rsyslog
   block:
 
/usr/share/doc/scap-security-guide/guides/ssg-debian10-guide-anssi_np_nt28_restrictive.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-debian10-guide-anssi_np_nt28_restrictive.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-debian10-guide-anssi_np_nt28_restrictive.html	2022-07-15 00:00:00.000000000 +0000
@@ -354,17 +354,17 @@
 </li></ul></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_package_audit_installed" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_package_audit_installed" id="guide-tree-leaf-id17" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_auditing"><td style="padding-left: 57px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_package_audit_installed"><span class="label label-default">Rule</span>  
                                 Ensure the audit Subsystem is Installed
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_package_audit_installed">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">The audit package should be installed.</div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The auditd service is an access monitoring and accounting daemon, watching system calls to audit any access, in comparison with potential local access control policy such as SELinux policy.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_audit_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R50)</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001875</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001877</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001878</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001879</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001880</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001881</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001882</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001889</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001914</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-7(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-7(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id18" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id18"><pre><code>
-[[packages]]
-name = "auditd"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_auditd
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R50)</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001875</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001877</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001878</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001879</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001880</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001881</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001882</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001889</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001914</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-7(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-7(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id18" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id18"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_auditd
 
 class install_auditd {
   package { 'auditd':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><pre><code>
+[[packages]]
+name = "auditd"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure auditd is installed
   package:
     name: auditd
@@ -399,10 +399,7 @@
 Additionally, a properly configured audit subsystem ensures that actions of
 individual system users can be uniquely traced to those users so they
 can be held accountable for their actions.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_auditd_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000131</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000132</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000133</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000134</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000154</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000158</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001464</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001876</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(g)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-4(23)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a>, <a href="">SRG-OS-000037-VMM-000150</a>, <a href="">SRG-OS-000063-VMM-000310</a>, <a href="">SRG-OS-000038-VMM-000160</a>, <a href="">SRG-OS-000039-VMM-000170</a>, <a href="">SRG-OS-000040-VMM-000180</a>, <a href="">SRG-OS-000041-VMM-000190</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><pre><code>
-[customizations.services]
-enabled = ["auditd"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id23" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id23"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000131</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000132</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000133</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000134</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000154</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000158</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001464</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001876</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(g)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-4(23)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a>, <a href="">SRG-OS-000037-VMM-000150</a>, <a href="">SRG-OS-000063-VMM-000310</a>, <a href="">SRG-OS-000038-VMM-000160</a>, <a href="">SRG-OS-000039-VMM-000170</a>, <a href="">SRG-OS-000040-VMM-000180</a>, <a href="">SRG-OS-000041-VMM-000190</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
 
 class enable_auditd {
   service {'auditd':
@@ -410,6 +407,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id23" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id23"><pre><code>
+[customizations.services]
+enabled = ["auditd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id24" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id24"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
@@ -685,17 +685,17 @@
 <pre>
 $ apt-get install syslog-ng-core</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The syslog-ng-core package provides the syslog-ng daemon, which provides
 system logging services.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_syslogng_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R46)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id32" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id32"><pre><code>
-[[packages]]
-name = "syslog-ng"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id33" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id33"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_syslog-ng
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R46)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id32" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id32"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_syslog-ng
 
 class install_syslog-ng {
   package { 'syslog-ng':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id33" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id33"><pre><code>
+[[packages]]
+name = "syslog-ng"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id34" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id34"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure syslog-ng is installed
   package:
     name: syslog-ng
@@ -716,10 +716,7 @@
 The <code>syslog-ng</code> service can be enabled with the following command:
 <pre>$ sudo systemctl enable syslog-ng.service</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The <code>syslog-ng</code> service must be running in order to provide
 logging services, which are essential to system administration.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_syslogng_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R46)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001557</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001851</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-4(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id36" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id36"><pre><code>
-[customizations.services]
-enabled = ["syslog-ng"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id37" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id37"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_syslog-ng
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R46)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001557</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001851</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-4(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id36" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id36"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_syslog-ng
 
 class enable_syslog-ng {
   service {'syslog-ng':
@@ -727,6 +724,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id37" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id37"><pre><code>
+[customizations.services]
+enabled = ["syslog-ng"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id38" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id38"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service syslog-ng
   block:
 
@@ -756,17 +756,17 @@
                                 Ensure rsyslog is Installed
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_package_rsyslog_installed">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">Rsyslog is installed by default. The <code>rsyslog</code> package can be installed with the following command: <pre> $ apt-get install rsyslog</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The rsyslog package provides the rsyslog daemon, which provides
 system logging services.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_rsyslog_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FTP_ITC_EXT.1.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000479-GPOS-00224</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id40" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id40"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id41" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id41"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FTP_ITC_EXT.1.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000479-GPOS-00224</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id40" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id40"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id41" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id41"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id42" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id42"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
@@ -787,10 +787,7 @@
 The <code>rsyslog</code> service can be enabled with the following command:
 <pre>$ sudo systemctl enable rsyslog.service</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The <code>rsyslog</code> service must be running in order to provide
 logging services, which are essential to system administration.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_rsyslog_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001557</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001851</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-4(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id44" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id44"><pre><code>
-[customizations.services]
-enabled = ["rsyslog"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id45" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id45"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001557</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001851</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-4(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id44" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id44"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
 
 class enable_rsyslog {
   service {'rsyslog':
@@ -798,6 +795,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id45" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id45"><pre><code>
+[customizations.services]
+enabled = ["rsyslog"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id46" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id46"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service rsyslog
   block:
 
@@ -1683,17 +1683,17 @@
 configured defensively.</div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_package_cron_installed" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_package_cron_installed" id="guide-tree-leaf-id94" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_cron_and_at"><td style="padding-left: 57px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_package_cron_installed"><span class="label label-default">Rule</span>  
                                 Install the cron service
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_package_cron_installed">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">The Cron service should be installed.</div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The cron service allow periodic job execution, needed for almost all administrative tasks and services (software update, log rotating, etc.). Access to cron service should be restricted to administrative accounts only.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_cron_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R50)</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id95" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id95"><pre><code>
-[[packages]]
-name = "cron"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id96" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id96"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_cron
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R50)</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id95" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id95"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_cron
 
 class install_cron {
   package { 'cron':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id96" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id96"><pre><code>
+[[packages]]
+name = "cron"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id97" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id97"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure cron is installed
   package:
     name: cron
@@ -1933,17 +1933,17 @@
 information on the capabilities and configuration of each of the NTP daemons.</div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_package_ntp_installed" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_package_ntp_installed" id="guide-tree-leaf-id118" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_ntp"><td style="padding-left: 57px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_package_ntp_installed"><span class="label label-default">Rule</span>  
                                 Install the ntp service
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_package_ntp_installed">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">The ntpd service should be installed.</div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">Time synchronization (using NTP) is required by almost all network and administrative tasks (syslog, cryptographic based services (authentication, etc.), etc.). Ntpd is regulary maintained and updated, supporting security features such as RFC 5906.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_ntp_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT012(R03)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000160</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id119" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id119"><pre><code>
-[[packages]]
-name = "ntp"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id120" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id120"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_ntp
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT012(R03)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000160</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id119" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id119"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_ntp
 
 class install_ntp {
   package { 'ntp':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id120" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id120"><pre><code>
+[[packages]]
+name = "ntp"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id121" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id121"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure ntp is installed
   package:
     name: ntp
@@ -1972,10 +1972,7 @@
 <br><br>
 The NTP daemon offers all of the functionality of <code>ntpdate</code>, which is now
 deprecated.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_ntp_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT012(R03)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000160</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-8(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id123" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id123"><pre><code>
-[customizations.services]
-enabled = ["ntp"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id124" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id124"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_ntp
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT012(R03)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000160</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-8(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id123" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id123"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_ntp
 
 class enable_ntp {
   service {'ntp':
@@ -1983,6 +1980,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id124" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id124"><pre><code>
/usr/share/doc/scap-security-guide/guides/ssg-debian10-guide-standard.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-debian10-guide-standard.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-debian10-guide-standard.html	2022-07-15 00:00:00.000000000 +0000
@@ -230,17 +230,17 @@
 </li></ul></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_package_audit_installed" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_package_audit_installed" id="guide-tree-leaf-id11" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_auditing"><td style="padding-left: 57px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_package_audit_installed"><span class="label label-default">Rule</span>  
                                 Ensure the audit Subsystem is Installed
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_package_audit_installed">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">The audit package should be installed.</div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The auditd service is an access monitoring and accounting daemon, watching system calls to audit any access, in comparison with potential local access control policy such as SELinux policy.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_audit_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R50)</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001875</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001877</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001878</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001879</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001880</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001881</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001882</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001889</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001914</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-7(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-7(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id12" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id12"><pre><code>
-[[packages]]
-name = "auditd"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id13" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id13"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_auditd
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R50)</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001875</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001877</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001878</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001879</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001880</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001881</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001882</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001889</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001914</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-7(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-7(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id12" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id12"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_auditd
 
 class install_auditd {
   package { 'auditd':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id13" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id13"><pre><code>
+[[packages]]
+name = "auditd"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id14" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id14"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure auditd is installed
   package:
     name: auditd
@@ -275,10 +275,7 @@
 Additionally, a properly configured audit subsystem ensures that actions of
 individual system users can be uniquely traced to those users so they
 can be held accountable for their actions.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_auditd_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000131</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000132</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000133</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000134</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000154</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000158</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001464</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001876</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(g)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-4(23)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a>, <a href="">SRG-OS-000037-VMM-000150</a>, <a href="">SRG-OS-000063-VMM-000310</a>, <a href="">SRG-OS-000038-VMM-000160</a>, <a href="">SRG-OS-000039-VMM-000170</a>, <a href="">SRG-OS-000040-VMM-000180</a>, <a href="">SRG-OS-000041-VMM-000190</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id16" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id16"><pre><code>
-[customizations.services]
-enabled = ["auditd"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id17" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id17"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000131</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000132</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000133</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000134</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000154</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000158</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001464</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001876</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(g)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-4(23)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a>, <a href="">SRG-OS-000037-VMM-000150</a>, <a href="">SRG-OS-000063-VMM-000310</a>, <a href="">SRG-OS-000038-VMM-000160</a>, <a href="">SRG-OS-000039-VMM-000170</a>, <a href="">SRG-OS-000040-VMM-000180</a>, <a href="">SRG-OS-000041-VMM-000190</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id16" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id16"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
 
 class enable_auditd {
   service {'auditd':
@@ -286,6 +283,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id17" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id17"><pre><code>
+[customizations.services]
+enabled = ["auditd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id18" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id18"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
@@ -549,17 +549,17 @@
                                 Ensure rsyslog is Installed
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_package_rsyslog_installed">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">Rsyslog is installed by default. The <code>rsyslog</code> package can be installed with the following command: <pre> $ apt-get install rsyslog</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The rsyslog package provides the rsyslog daemon, which provides
 system logging services.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_rsyslog_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FTP_ITC_EXT.1.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000479-GPOS-00224</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id27" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id27"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FTP_ITC_EXT.1.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000479-GPOS-00224</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id27" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id27"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id28" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id28"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
@@ -580,10 +580,7 @@
 The <code>rsyslog</code> service can be enabled with the following command:
 <pre>$ sudo systemctl enable rsyslog.service</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The <code>rsyslog</code> service must be running in order to provide
 logging services, which are essential to system administration.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_rsyslog_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001557</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001851</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-4(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id30" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id30"><pre><code>
-[customizations.services]
-enabled = ["rsyslog"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id31" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id31"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001557</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001851</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-4(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id30" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id30"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
 
 class enable_rsyslog {
   service {'rsyslog':
@@ -591,6 +588,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id31" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id31"><pre><code>
+[customizations.services]
+enabled = ["rsyslog"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id32" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id32"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service rsyslog
   block:
 
@@ -1462,17 +1462,17 @@
 configured defensively.</div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_package_cron_installed" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_package_cron_installed" id="guide-tree-leaf-id78" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_cron_and_at"><td style="padding-left: 57px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_package_cron_installed"><span class="label label-default">Rule</span>  
                                 Install the cron service
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_package_cron_installed">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">The Cron service should be installed.</div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The cron service allow periodic job execution, needed for almost all administrative tasks and services (software update, log rotating, etc.). Access to cron service should be restricted to administrative accounts only.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_cron_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R50)</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id79" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id79"><pre><code>
-[[packages]]
-name = "cron"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id80" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id80"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_cron
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R50)</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id79" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id79"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_cron
 
 class install_cron {
   package { 'cron':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id80" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id80"><pre><code>
+[[packages]]
+name = "cron"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id81" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id81"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure cron is installed
   package:
     name: cron
@@ -1495,10 +1495,7 @@
 The <code>cron</code> service can be enabled with the following command:
 <pre>$ sudo systemctl enable cron.service</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">Due to its usage for maintenance and security-supporting tasks,
 enabling the cron daemon is essential.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_cron_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(4)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(3)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id83" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id83"><pre><code>
-[customizations.services]
-enabled = ["cron"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id84" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id84"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_cron
+            <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(4)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(3)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id83" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id83"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_cron
 
 class enable_cron {
   service {'cron':
@@ -1506,6 +1503,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id84" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id84"><pre><code>
+[customizations.services]
+enabled = ["cron"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id85" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id85"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service cron
   block:
 
@@ -1756,17 +1756,17 @@
 information on the capabilities and configuration of each of the NTP daemons.</div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_package_ntp_installed" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_package_ntp_installed" id="guide-tree-leaf-id106" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_ntp"><td style="padding-left: 57px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_package_ntp_installed"><span class="label label-default">Rule</span>  
                                 Install the ntp service
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_package_ntp_installed">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">The ntpd service should be installed.</div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">Time synchronization (using NTP) is required by almost all network and administrative tasks (syslog, cryptographic based services (authentication, etc.), etc.). Ntpd is regulary maintained and updated, supporting security features such as RFC 5906.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_ntp_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT012(R03)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000160</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id107" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id107"><pre><code>
-[[packages]]
-name = "ntp"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id108" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id108"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_ntp
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT012(R03)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000160</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id107" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id107"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_ntp
 
 class install_ntp {
   package { 'ntp':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id108" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id108"><pre><code>
+[[packages]]
+name = "ntp"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id109" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id109"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure ntp is installed
   package:
     name: ntp
@@ -1795,10 +1795,7 @@
 <br><br>
 The NTP daemon offers all of the functionality of <code>ntpdate</code>, which is now
 deprecated.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_ntp_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT012(R03)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000160</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-8(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id111" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id111"><pre><code>
-[customizations.services]
-enabled = ["ntp"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id112" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id112"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_ntp
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT012(R03)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000160</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-8(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id111" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id111"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_ntp
 
 class enable_ntp {
   service {'ntp':
@@ -1806,6 +1803,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id112" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id112"><pre><code>
+[customizations.services]
+enabled = ["ntp"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id113" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id113"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service ntp
   block:
 
/usr/share/doc/scap-security-guide/guides/ssg-debian11-guide-anssi_np_nt28_average.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-debian11-guide-anssi_np_nt28_average.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-debian11-guide-anssi_np_nt28_average.html	2022-07-15 00:00:00.000000000 +0000
@@ -483,17 +483,17 @@
 <pre>
 $ apt-get install syslog-ng-core</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The syslog-ng-core package provides the syslog-ng daemon, which provides
 system logging services.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_syslogng_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R46)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id24" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id24"><pre><code>
-[[packages]]
-name = "syslog-ng"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id25"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_syslog-ng
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R46)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id24" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id24"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_syslog-ng
 
 class install_syslog-ng {
   package { 'syslog-ng':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id25"><pre><code>
+[[packages]]
+name = "syslog-ng"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure syslog-ng is installed
   package:
     name: syslog-ng
@@ -514,10 +514,7 @@
 The <code>syslog-ng</code> service can be enabled with the following command:
 <pre>$ sudo systemctl enable syslog-ng.service</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The <code>syslog-ng</code> service must be running in order to provide
 logging services, which are essential to system administration.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_syslogng_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R46)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001557</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001851</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-4(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id28" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id28"><pre><code>
-[customizations.services]
-enabled = ["syslog-ng"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id29" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id29"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_syslog-ng
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R46)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001557</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001851</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-4(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id28" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id28"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_syslog-ng
 
 class enable_syslog-ng {
   service {'syslog-ng':
@@ -525,6 +522,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id29" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id29"><pre><code>
+[customizations.services]
+enabled = ["syslog-ng"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id30" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id30"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service syslog-ng
   block:
 
@@ -554,17 +554,17 @@
                                 Ensure rsyslog is Installed
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_package_rsyslog_installed">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">Rsyslog is installed by default. The <code>rsyslog</code> package can be installed with the following command: <pre> $ apt-get install rsyslog</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The rsyslog package provides the rsyslog daemon, which provides
 system logging services.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_rsyslog_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FTP_ITC_EXT.1.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000479-GPOS-00224</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id32" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id32"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id33" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id33"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FTP_ITC_EXT.1.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000479-GPOS-00224</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id32" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id32"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id33" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id33"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id34" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id34"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
@@ -585,10 +585,7 @@
 The <code>rsyslog</code> service can be enabled with the following command:
 <pre>$ sudo systemctl enable rsyslog.service</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The <code>rsyslog</code> service must be running in order to provide
 logging services, which are essential to system administration.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_rsyslog_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001557</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001851</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-4(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id36" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id36"><pre><code>
-[customizations.services]
-enabled = ["rsyslog"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id37" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id37"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001557</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001851</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-4(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id36" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id36"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
 
 class enable_rsyslog {
   service {'rsyslog':
@@ -596,6 +593,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id37" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id37"><pre><code>
+[customizations.services]
+enabled = ["rsyslog"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id38" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id38"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service rsyslog
   block:
 
@@ -1697,17 +1697,17 @@
 information on the capabilities and configuration of each of the NTP daemons.</div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_package_ntp_installed" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_package_ntp_installed" id="guide-tree-leaf-id106" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_ntp"><td style="padding-left: 57px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_package_ntp_installed"><span class="label label-default">Rule</span>  
                                 Install the ntp service
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_package_ntp_installed">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">The ntpd service should be installed.</div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">Time synchronization (using NTP) is required by almost all network and administrative tasks (syslog, cryptographic based services (authentication, etc.), etc.). Ntpd is regulary maintained and updated, supporting security features such as RFC 5906.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_ntp_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT012(R03)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000160</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id107" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id107"><pre><code>
-[[packages]]
-name = "ntp"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id108" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id108"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_ntp
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT012(R03)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000160</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id107" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id107"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_ntp
 
 class install_ntp {
   package { 'ntp':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id108" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id108"><pre><code>
+[[packages]]
+name = "ntp"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id109" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id109"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure ntp is installed
   package:
     name: ntp
/usr/share/doc/scap-security-guide/guides/ssg-debian11-guide-anssi_np_nt28_high.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-debian11-guide-anssi_np_nt28_high.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-debian11-guide-anssi_np_nt28_high.html	2022-07-15 00:00:00.000000000 +0000
@@ -354,17 +354,17 @@
 </li></ul></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_package_audit_installed" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_package_audit_installed" id="guide-tree-leaf-id17" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_auditing"><td style="padding-left: 57px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_package_audit_installed"><span class="label label-default">Rule</span>  
                                 Ensure the audit Subsystem is Installed
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_package_audit_installed">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">The audit package should be installed.</div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The auditd service is an access monitoring and accounting daemon, watching system calls to audit any access, in comparison with potential local access control policy such as SELinux policy.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_audit_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R50)</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001875</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001877</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001878</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001879</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001880</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001881</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001882</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001889</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001914</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-7(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-7(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id18" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id18"><pre><code>
-[[packages]]
-name = "auditd"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_auditd
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R50)</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001875</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001877</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001878</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001879</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001880</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001881</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001882</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001889</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001914</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-7(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-7(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id18" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id18"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_auditd
 
 class install_auditd {
   package { 'auditd':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><pre><code>
+[[packages]]
+name = "auditd"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure auditd is installed
   package:
     name: auditd
@@ -399,10 +399,7 @@
 Additionally, a properly configured audit subsystem ensures that actions of
 individual system users can be uniquely traced to those users so they
 can be held accountable for their actions.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_auditd_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000131</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000132</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000133</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000134</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000154</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000158</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001464</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001876</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(g)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-4(23)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a>, <a href="">SRG-OS-000037-VMM-000150</a>, <a href="">SRG-OS-000063-VMM-000310</a>, <a href="">SRG-OS-000038-VMM-000160</a>, <a href="">SRG-OS-000039-VMM-000170</a>, <a href="">SRG-OS-000040-VMM-000180</a>, <a href="">SRG-OS-000041-VMM-000190</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><pre><code>
-[customizations.services]
-enabled = ["auditd"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id23" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id23"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000131</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000132</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000133</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000134</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000154</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000158</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001464</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001876</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(g)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-4(23)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a>, <a href="">SRG-OS-000037-VMM-000150</a>, <a href="">SRG-OS-000063-VMM-000310</a>, <a href="">SRG-OS-000038-VMM-000160</a>, <a href="">SRG-OS-000039-VMM-000170</a>, <a href="">SRG-OS-000040-VMM-000180</a>, <a href="">SRG-OS-000041-VMM-000190</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
 
 class enable_auditd {
   service {'auditd':
@@ -410,6 +407,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id23" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id23"><pre><code>
+[customizations.services]
+enabled = ["auditd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id24" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id24"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
@@ -706,17 +706,17 @@
 <pre>
 $ apt-get install syslog-ng-core</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The syslog-ng-core package provides the syslog-ng daemon, which provides
 system logging services.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_syslogng_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R46)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id33" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id33"><pre><code>
-[[packages]]
-name = "syslog-ng"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id34" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id34"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_syslog-ng
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R46)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id33" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id33"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_syslog-ng
 
 class install_syslog-ng {
   package { 'syslog-ng':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id34" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id34"><pre><code>
+[[packages]]
+name = "syslog-ng"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id35" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id35"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure syslog-ng is installed
   package:
     name: syslog-ng
@@ -737,10 +737,7 @@
 The <code>syslog-ng</code> service can be enabled with the following command:
 <pre>$ sudo systemctl enable syslog-ng.service</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The <code>syslog-ng</code> service must be running in order to provide
 logging services, which are essential to system administration.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_syslogng_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R46)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001557</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001851</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-4(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id37" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id37"><pre><code>
-[customizations.services]
-enabled = ["syslog-ng"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id38" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id38"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_syslog-ng
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R46)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001557</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001851</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-4(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id37" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id37"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_syslog-ng
 
 class enable_syslog-ng {
   service {'syslog-ng':
@@ -748,6 +745,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id38" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id38"><pre><code>
+[customizations.services]
+enabled = ["syslog-ng"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id39" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id39"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service syslog-ng
   block:
 
@@ -777,17 +777,17 @@
                                 Ensure rsyslog is Installed
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_package_rsyslog_installed">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">Rsyslog is installed by default. The <code>rsyslog</code> package can be installed with the following command: <pre> $ apt-get install rsyslog</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The rsyslog package provides the rsyslog daemon, which provides
 system logging services.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_rsyslog_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FTP_ITC_EXT.1.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000479-GPOS-00224</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id41" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id41"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id42" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id42"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FTP_ITC_EXT.1.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000479-GPOS-00224</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id41" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id41"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id42" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id42"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id43" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id43"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
@@ -808,10 +808,7 @@
 The <code>rsyslog</code> service can be enabled with the following command:
 <pre>$ sudo systemctl enable rsyslog.service</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The <code>rsyslog</code> service must be running in order to provide
 logging services, which are essential to system administration.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_rsyslog_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001557</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001851</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-4(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id45" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id45"><pre><code>
-[customizations.services]
-enabled = ["rsyslog"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id46" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id46"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001557</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001851</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-4(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id45" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id45"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
 
 class enable_rsyslog {
   service {'rsyslog':
@@ -819,6 +816,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id46" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id46"><pre><code>
+[customizations.services]
+enabled = ["rsyslog"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id47" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id47"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service rsyslog
   block:
 
@@ -1704,17 +1704,17 @@
 configured defensively.</div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_package_cron_installed" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_package_cron_installed" id="guide-tree-leaf-id95" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_cron_and_at"><td style="padding-left: 57px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_package_cron_installed"><span class="label label-default">Rule</span>  
                                 Install the cron service
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_package_cron_installed">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">The Cron service should be installed.</div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The cron service allow periodic job execution, needed for almost all administrative tasks and services (software update, log rotating, etc.). Access to cron service should be restricted to administrative accounts only.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_cron_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R50)</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id96" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id96"><pre><code>
-[[packages]]
-name = "cron"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id97" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id97"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_cron
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R50)</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id96" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id96"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_cron
 
 class install_cron {
   package { 'cron':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id97" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id97"><pre><code>
+[[packages]]
+name = "cron"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id98" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id98"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure cron is installed
   package:
     name: cron
@@ -1954,17 +1954,17 @@
 information on the capabilities and configuration of each of the NTP daemons.</div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_package_ntp_installed" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_package_ntp_installed" id="guide-tree-leaf-id119" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_ntp"><td style="padding-left: 57px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_package_ntp_installed"><span class="label label-default">Rule</span>  
                                 Install the ntp service
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_package_ntp_installed">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">The ntpd service should be installed.</div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">Time synchronization (using NTP) is required by almost all network and administrative tasks (syslog, cryptographic based services (authentication, etc.), etc.). Ntpd is regulary maintained and updated, supporting security features such as RFC 5906.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_ntp_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT012(R03)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000160</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id120" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id120"><pre><code>
-[[packages]]
-name = "ntp"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id121" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id121"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_ntp
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT012(R03)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000160</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id120" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id120"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_ntp
 
 class install_ntp {
   package { 'ntp':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id121" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id121"><pre><code>
+[[packages]]
+name = "ntp"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id122" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id122"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure ntp is installed
   package:
     name: ntp
@@ -1993,10 +1993,7 @@
 <br><br>
 The NTP daemon offers all of the functionality of <code>ntpdate</code>, which is now
 deprecated.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_ntp_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT012(R03)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000160</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-8(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id124" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id124"><pre><code>
-[customizations.services]
-enabled = ["ntp"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id125" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id125"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_ntp
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT012(R03)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000160</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-8(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id124" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id124"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_ntp
 
 class enable_ntp {
   service {'ntp':
@@ -2004,6 +2001,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id125" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id125"><pre><code>
/usr/share/doc/scap-security-guide/guides/ssg-debian11-guide-anssi_np_nt28_minimal.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-debian11-guide-anssi_np_nt28_minimal.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-debian11-guide-anssi_np_nt28_minimal.html	2022-07-15 00:00:00.000000000 +0000
@@ -237,17 +237,17 @@
 <pre>
 $ apt-get install syslog-ng-core</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The syslog-ng-core package provides the syslog-ng daemon, which provides
 system logging services.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_syslogng_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R46)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id13" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id13"><pre><code>
-[[packages]]
-name = "syslog-ng"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id14" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id14"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_syslog-ng
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R46)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id13" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id13"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_syslog-ng
 
 class install_syslog-ng {
   package { 'syslog-ng':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id14" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id14"><pre><code>
+[[packages]]
+name = "syslog-ng"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id15" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id15"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure syslog-ng is installed
   package:
     name: syslog-ng
@@ -268,10 +268,7 @@
 The <code>syslog-ng</code> service can be enabled with the following command:
 <pre>$ sudo systemctl enable syslog-ng.service</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The <code>syslog-ng</code> service must be running in order to provide
 logging services, which are essential to system administration.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_syslogng_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R46)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001557</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001851</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-4(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id17" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id17"><pre><code>
-[customizations.services]
-enabled = ["syslog-ng"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id18" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id18"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_syslog-ng
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R46)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001557</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001851</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-4(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id17" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id17"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_syslog-ng
 
 class enable_syslog-ng {
   service {'syslog-ng':
@@ -279,6 +276,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id18" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id18"><pre><code>
+[customizations.services]
+enabled = ["syslog-ng"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service syslog-ng
   block:
 
@@ -308,17 +308,17 @@
                                 Ensure rsyslog is Installed
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_package_rsyslog_installed">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">Rsyslog is installed by default. The <code>rsyslog</code> package can be installed with the following command: <pre> $ apt-get install rsyslog</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The rsyslog package provides the rsyslog daemon, which provides
 system logging services.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_rsyslog_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FTP_ITC_EXT.1.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000479-GPOS-00224</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id21" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id21"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FTP_ITC_EXT.1.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000479-GPOS-00224</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id21" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id21"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id23" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id23"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
@@ -339,10 +339,7 @@
 The <code>rsyslog</code> service can be enabled with the following command:
 <pre>$ sudo systemctl enable rsyslog.service</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The <code>rsyslog</code> service must be running in order to provide
 logging services, which are essential to system administration.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_rsyslog_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001557</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001851</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-4(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id25"><pre><code>
-[customizations.services]
-enabled = ["rsyslog"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001557</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001851</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-4(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id25"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
 
 class enable_rsyslog {
   service {'rsyslog':
@@ -350,6 +347,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><pre><code>
+[customizations.services]
+enabled = ["rsyslog"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id27" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id27"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service rsyslog
   block:
 
/usr/share/doc/scap-security-guide/guides/ssg-debian11-guide-anssi_np_nt28_restrictive.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-debian11-guide-anssi_np_nt28_restrictive.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-debian11-guide-anssi_np_nt28_restrictive.html	2022-07-15 00:00:00.000000000 +0000
@@ -354,17 +354,17 @@
 </li></ul></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_package_audit_installed" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_package_audit_installed" id="guide-tree-leaf-id17" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_auditing"><td style="padding-left: 57px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_package_audit_installed"><span class="label label-default">Rule</span>  
                                 Ensure the audit Subsystem is Installed
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_package_audit_installed">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">The audit package should be installed.</div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The auditd service is an access monitoring and accounting daemon, watching system calls to audit any access, in comparison with potential local access control policy such as SELinux policy.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_audit_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R50)</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001875</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001877</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001878</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001879</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001880</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001881</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001882</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001889</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001914</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-7(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-7(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id18" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id18"><pre><code>
-[[packages]]
-name = "auditd"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_auditd
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R50)</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001875</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001877</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001878</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001879</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001880</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001881</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001882</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001889</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001914</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-7(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-7(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id18" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id18"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_auditd
 
 class install_auditd {
   package { 'auditd':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><pre><code>
+[[packages]]
+name = "auditd"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure auditd is installed
   package:
     name: auditd
@@ -399,10 +399,7 @@
 Additionally, a properly configured audit subsystem ensures that actions of
 individual system users can be uniquely traced to those users so they
 can be held accountable for their actions.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_auditd_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000131</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000132</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000133</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000134</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000154</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000158</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001464</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001876</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(g)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-4(23)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a>, <a href="">SRG-OS-000037-VMM-000150</a>, <a href="">SRG-OS-000063-VMM-000310</a>, <a href="">SRG-OS-000038-VMM-000160</a>, <a href="">SRG-OS-000039-VMM-000170</a>, <a href="">SRG-OS-000040-VMM-000180</a>, <a href="">SRG-OS-000041-VMM-000190</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><pre><code>
-[customizations.services]
-enabled = ["auditd"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id23" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id23"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000131</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000132</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000133</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000134</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000154</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000158</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001464</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001876</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(g)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-4(23)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a>, <a href="">SRG-OS-000037-VMM-000150</a>, <a href="">SRG-OS-000063-VMM-000310</a>, <a href="">SRG-OS-000038-VMM-000160</a>, <a href="">SRG-OS-000039-VMM-000170</a>, <a href="">SRG-OS-000040-VMM-000180</a>, <a href="">SRG-OS-000041-VMM-000190</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
 
 class enable_auditd {
   service {'auditd':
@@ -410,6 +407,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id23" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id23"><pre><code>
+[customizations.services]
+enabled = ["auditd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id24" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id24"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
@@ -685,17 +685,17 @@
 <pre>
 $ apt-get install syslog-ng-core</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The syslog-ng-core package provides the syslog-ng daemon, which provides
 system logging services.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_syslogng_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R46)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id32" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id32"><pre><code>
-[[packages]]
-name = "syslog-ng"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id33" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id33"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_syslog-ng
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R46)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id32" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id32"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_syslog-ng
 
 class install_syslog-ng {
   package { 'syslog-ng':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id33" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id33"><pre><code>
+[[packages]]
+name = "syslog-ng"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id34" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id34"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure syslog-ng is installed
   package:
     name: syslog-ng
@@ -716,10 +716,7 @@
 The <code>syslog-ng</code> service can be enabled with the following command:
 <pre>$ sudo systemctl enable syslog-ng.service</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The <code>syslog-ng</code> service must be running in order to provide
 logging services, which are essential to system administration.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_syslogng_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R46)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001557</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001851</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-4(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id36" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id36"><pre><code>
-[customizations.services]
-enabled = ["syslog-ng"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id37" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id37"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_syslog-ng
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R46)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001557</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001851</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-4(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id36" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id36"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_syslog-ng
 
 class enable_syslog-ng {
   service {'syslog-ng':
@@ -727,6 +724,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id37" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id37"><pre><code>
+[customizations.services]
+enabled = ["syslog-ng"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id38" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id38"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service syslog-ng
   block:
 
@@ -756,17 +756,17 @@
                                 Ensure rsyslog is Installed
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_package_rsyslog_installed">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">Rsyslog is installed by default. The <code>rsyslog</code> package can be installed with the following command: <pre> $ apt-get install rsyslog</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The rsyslog package provides the rsyslog daemon, which provides
 system logging services.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_rsyslog_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FTP_ITC_EXT.1.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000479-GPOS-00224</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id40" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id40"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id41" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id41"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FTP_ITC_EXT.1.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000479-GPOS-00224</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id40" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id40"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id41" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id41"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id42" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id42"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
@@ -787,10 +787,7 @@
 The <code>rsyslog</code> service can be enabled with the following command:
 <pre>$ sudo systemctl enable rsyslog.service</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The <code>rsyslog</code> service must be running in order to provide
 logging services, which are essential to system administration.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_rsyslog_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001557</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001851</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-4(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id44" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id44"><pre><code>
-[customizations.services]
-enabled = ["rsyslog"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id45" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id45"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001557</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001851</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-4(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id44" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id44"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
 
 class enable_rsyslog {
   service {'rsyslog':
@@ -798,6 +795,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id45" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id45"><pre><code>
+[customizations.services]
+enabled = ["rsyslog"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id46" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id46"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service rsyslog
   block:
 
@@ -1683,17 +1683,17 @@
 configured defensively.</div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_package_cron_installed" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_package_cron_installed" id="guide-tree-leaf-id94" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_cron_and_at"><td style="padding-left: 57px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_package_cron_installed"><span class="label label-default">Rule</span>  
                                 Install the cron service
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_package_cron_installed">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">The Cron service should be installed.</div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The cron service allow periodic job execution, needed for almost all administrative tasks and services (software update, log rotating, etc.). Access to cron service should be restricted to administrative accounts only.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_cron_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R50)</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id95" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id95"><pre><code>
-[[packages]]
-name = "cron"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id96" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id96"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_cron
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R50)</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id95" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id95"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_cron
 
 class install_cron {
   package { 'cron':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id96" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id96"><pre><code>
+[[packages]]
+name = "cron"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id97" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id97"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure cron is installed
   package:
     name: cron
@@ -1933,17 +1933,17 @@
 information on the capabilities and configuration of each of the NTP daemons.</div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_package_ntp_installed" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_package_ntp_installed" id="guide-tree-leaf-id118" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_ntp"><td style="padding-left: 57px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_package_ntp_installed"><span class="label label-default">Rule</span>  
                                 Install the ntp service
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_package_ntp_installed">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">The ntpd service should be installed.</div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">Time synchronization (using NTP) is required by almost all network and administrative tasks (syslog, cryptographic based services (authentication, etc.), etc.). Ntpd is regulary maintained and updated, supporting security features such as RFC 5906.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_ntp_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT012(R03)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000160</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id119" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id119"><pre><code>
-[[packages]]
-name = "ntp"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id120" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id120"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_ntp
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT012(R03)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000160</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id119" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id119"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_ntp
 
 class install_ntp {
   package { 'ntp':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id120" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id120"><pre><code>
+[[packages]]
+name = "ntp"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id121" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id121"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure ntp is installed
   package:
     name: ntp
@@ -1972,10 +1972,7 @@
 <br><br>
 The NTP daemon offers all of the functionality of <code>ntpdate</code>, which is now
 deprecated.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_ntp_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT012(R03)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000160</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-8(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id123" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id123"><pre><code>
-[customizations.services]
-enabled = ["ntp"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id124" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id124"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_ntp
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT012(R03)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000160</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-8(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id123" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id123"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_ntp
 
 class enable_ntp {
   service {'ntp':
@@ -1983,6 +1980,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id124" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id124"><pre><code>
/usr/share/doc/scap-security-guide/guides/ssg-debian11-guide-standard.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-debian11-guide-standard.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-debian11-guide-standard.html	2022-07-15 00:00:00.000000000 +0000
@@ -230,17 +230,17 @@
 </li></ul></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_package_audit_installed" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_package_audit_installed" id="guide-tree-leaf-id11" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_auditing"><td style="padding-left: 57px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_package_audit_installed"><span class="label label-default">Rule</span>  
                                 Ensure the audit Subsystem is Installed
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_package_audit_installed">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">The audit package should be installed.</div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The auditd service is an access monitoring and accounting daemon, watching system calls to audit any access, in comparison with potential local access control policy such as SELinux policy.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_audit_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R50)</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001875</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001877</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001878</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001879</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001880</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001881</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001882</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001889</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001914</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-7(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-7(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id12" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id12"><pre><code>
-[[packages]]
-name = "auditd"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id13" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id13"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_auditd
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R50)</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001875</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001877</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001878</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001879</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001880</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001881</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001882</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001889</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001914</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-7(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-7(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id12" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id12"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_auditd
 
 class install_auditd {
   package { 'auditd':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id13" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id13"><pre><code>
+[[packages]]
+name = "auditd"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id14" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id14"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure auditd is installed
   package:
     name: auditd
@@ -275,10 +275,7 @@
 Additionally, a properly configured audit subsystem ensures that actions of
 individual system users can be uniquely traced to those users so they
 can be held accountable for their actions.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_auditd_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000131</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000132</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000133</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000134</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000154</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000158</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001464</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001876</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(g)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-4(23)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a>, <a href="">SRG-OS-000037-VMM-000150</a>, <a href="">SRG-OS-000063-VMM-000310</a>, <a href="">SRG-OS-000038-VMM-000160</a>, <a href="">SRG-OS-000039-VMM-000170</a>, <a href="">SRG-OS-000040-VMM-000180</a>, <a href="">SRG-OS-000041-VMM-000190</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id16" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id16"><pre><code>
-[customizations.services]
-enabled = ["auditd"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id17" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id17"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000131</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000132</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000133</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000134</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000154</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000158</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001464</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001876</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(g)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-4(23)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a>, <a href="">SRG-OS-000037-VMM-000150</a>, <a href="">SRG-OS-000063-VMM-000310</a>, <a href="">SRG-OS-000038-VMM-000160</a>, <a href="">SRG-OS-000039-VMM-000170</a>, <a href="">SRG-OS-000040-VMM-000180</a>, <a href="">SRG-OS-000041-VMM-000190</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id16" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id16"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
 
 class enable_auditd {
   service {'auditd':
@@ -286,6 +283,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id17" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id17"><pre><code>
+[customizations.services]
+enabled = ["auditd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id18" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id18"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
@@ -549,17 +549,17 @@
                                 Ensure rsyslog is Installed
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_package_rsyslog_installed">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">Rsyslog is installed by default. The <code>rsyslog</code> package can be installed with the following command: <pre> $ apt-get install rsyslog</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The rsyslog package provides the rsyslog daemon, which provides
 system logging services.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_rsyslog_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FTP_ITC_EXT.1.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000479-GPOS-00224</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id27" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id27"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FTP_ITC_EXT.1.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000479-GPOS-00224</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id27" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id27"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id28" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id28"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
@@ -580,10 +580,7 @@
 The <code>rsyslog</code> service can be enabled with the following command:
 <pre>$ sudo systemctl enable rsyslog.service</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The <code>rsyslog</code> service must be running in order to provide
 logging services, which are essential to system administration.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_rsyslog_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001557</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001851</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-4(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id30" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id30"><pre><code>
-[customizations.services]
-enabled = ["rsyslog"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id31" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id31"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001557</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001851</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-4(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id30" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id30"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
 
 class enable_rsyslog {
   service {'rsyslog':
@@ -591,6 +588,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id31" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id31"><pre><code>
+[customizations.services]
+enabled = ["rsyslog"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id32" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id32"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service rsyslog
   block:
 
@@ -1462,17 +1462,17 @@
 configured defensively.</div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_package_cron_installed" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_package_cron_installed" id="guide-tree-leaf-id78" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_cron_and_at"><td style="padding-left: 57px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_package_cron_installed"><span class="label label-default">Rule</span>  
                                 Install the cron service
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_package_cron_installed">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">The Cron service should be installed.</div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The cron service allow periodic job execution, needed for almost all administrative tasks and services (software update, log rotating, etc.). Access to cron service should be restricted to administrative accounts only.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_cron_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R50)</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id79" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id79"><pre><code>
-[[packages]]
-name = "cron"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id80" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id80"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_cron
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R50)</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id79" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id79"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_cron
 
 class install_cron {
   package { 'cron':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id80" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id80"><pre><code>
+[[packages]]
+name = "cron"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id81" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id81"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure cron is installed
   package:
     name: cron
@@ -1495,10 +1495,7 @@
 The <code>cron</code> service can be enabled with the following command:
 <pre>$ sudo systemctl enable cron.service</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">Due to its usage for maintenance and security-supporting tasks,
 enabling the cron daemon is essential.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_cron_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(4)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(3)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id83" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id83"><pre><code>
-[customizations.services]
-enabled = ["cron"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id84" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id84"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_cron
+            <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(4)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(3)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id83" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id83"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_cron
 
 class enable_cron {
   service {'cron':
@@ -1506,6 +1503,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id84" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id84"><pre><code>
+[customizations.services]
+enabled = ["cron"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id85" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id85"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service cron
   block:
 
@@ -1756,17 +1756,17 @@
 information on the capabilities and configuration of each of the NTP daemons.</div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_package_ntp_installed" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_package_ntp_installed" id="guide-tree-leaf-id106" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_ntp"><td style="padding-left: 57px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_package_ntp_installed"><span class="label label-default">Rule</span>  
                                 Install the ntp service
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_package_ntp_installed">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">The ntpd service should be installed.</div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">Time synchronization (using NTP) is required by almost all network and administrative tasks (syslog, cryptographic based services (authentication, etc.), etc.). Ntpd is regulary maintained and updated, supporting security features such as RFC 5906.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_ntp_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT012(R03)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000160</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id107" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id107"><pre><code>
-[[packages]]
-name = "ntp"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id108" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id108"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_ntp
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT012(R03)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000160</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id107" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id107"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_ntp
 
 class install_ntp {
   package { 'ntp':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id108" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id108"><pre><code>
+[[packages]]
+name = "ntp"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id109" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id109"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure ntp is installed
   package:
     name: ntp
@@ -1795,10 +1795,7 @@
 <br><br>
 The NTP daemon offers all of the functionality of <code>ntpdate</code>, which is now
 deprecated.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_ntp_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT012(R03)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000160</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-8(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id111" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id111"><pre><code>
-[customizations.services]
-enabled = ["ntp"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id112" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id112"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_ntp
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT012(R03)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000160</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-8(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id111" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id111"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_ntp
 
 class enable_ntp {
   service {'ntp':
@@ -1806,6 +1803,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id112" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id112"><pre><code>
+[customizations.services]
+enabled = ["ntp"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id113" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id113"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service ntp
   block:
 
/usr/share/doc/scap-security-guide/guides/ssg-debian9-guide-anssi_np_nt28_average.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-debian9-guide-anssi_np_nt28_average.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-debian9-guide-anssi_np_nt28_average.html	2022-07-15 00:00:00.000000000 +0000
@@ -483,17 +483,17 @@
 <pre>
 $ apt-get install syslog-ng-core</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The syslog-ng-core package provides the syslog-ng daemon, which provides
 system logging services.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_syslogng_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R46)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id24" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id24"><pre><code>
-[[packages]]
-name = "syslog-ng"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id25"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_syslog-ng
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R46)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id24" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id24"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_syslog-ng
 
 class install_syslog-ng {
   package { 'syslog-ng':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id25"><pre><code>
+[[packages]]
+name = "syslog-ng"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure syslog-ng is installed
   package:
     name: syslog-ng
@@ -514,10 +514,7 @@
 The <code>syslog-ng</code> service can be enabled with the following command:
 <pre>$ sudo systemctl enable syslog-ng.service</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The <code>syslog-ng</code> service must be running in order to provide
 logging services, which are essential to system administration.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_syslogng_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R46)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001557</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001851</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-4(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id28" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id28"><pre><code>
-[customizations.services]
-enabled = ["syslog-ng"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id29" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id29"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_syslog-ng
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R46)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001557</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001851</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-4(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id28" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id28"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_syslog-ng
 
 class enable_syslog-ng {
   service {'syslog-ng':
@@ -525,6 +522,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id29" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id29"><pre><code>
+[customizations.services]
+enabled = ["syslog-ng"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id30" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id30"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service syslog-ng
   block:
 
@@ -554,17 +554,17 @@
                                 Ensure rsyslog is Installed
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_package_rsyslog_installed">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">Rsyslog is installed by default. The <code>rsyslog</code> package can be installed with the following command: <pre> $ apt-get install rsyslog</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The rsyslog package provides the rsyslog daemon, which provides
 system logging services.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_rsyslog_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FTP_ITC_EXT.1.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000479-GPOS-00224</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id32" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id32"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id33" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id33"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FTP_ITC_EXT.1.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000479-GPOS-00224</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id32" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id32"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id33" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id33"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id34" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id34"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
@@ -585,10 +585,7 @@
 The <code>rsyslog</code> service can be enabled with the following command:
 <pre>$ sudo systemctl enable rsyslog.service</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The <code>rsyslog</code> service must be running in order to provide
 logging services, which are essential to system administration.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_rsyslog_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001557</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001851</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-4(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id36" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id36"><pre><code>
-[customizations.services]
-enabled = ["rsyslog"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id37" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id37"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001557</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001851</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-4(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id36" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id36"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
 
 class enable_rsyslog {
   service {'rsyslog':
@@ -596,6 +593,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id37" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id37"><pre><code>
+[customizations.services]
+enabled = ["rsyslog"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id38" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id38"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service rsyslog
   block:
 
@@ -1697,17 +1697,17 @@
 information on the capabilities and configuration of each of the NTP daemons.</div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_package_ntp_installed" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_package_ntp_installed" id="guide-tree-leaf-id106" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_ntp"><td style="padding-left: 57px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_package_ntp_installed"><span class="label label-default">Rule</span>  
                                 Install the ntp service
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_package_ntp_installed">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">The ntpd service should be installed.</div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">Time synchronization (using NTP) is required by almost all network and administrative tasks (syslog, cryptographic based services (authentication, etc.), etc.). Ntpd is regulary maintained and updated, supporting security features such as RFC 5906.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_ntp_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT012(R03)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000160</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id107" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id107"><pre><code>
-[[packages]]
-name = "ntp"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id108" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id108"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_ntp
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT012(R03)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000160</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id107" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id107"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_ntp
 
 class install_ntp {
   package { 'ntp':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id108" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id108"><pre><code>
+[[packages]]
+name = "ntp"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id109" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id109"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure ntp is installed
   package:
     name: ntp
/usr/share/doc/scap-security-guide/guides/ssg-debian9-guide-anssi_np_nt28_high.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-debian9-guide-anssi_np_nt28_high.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-debian9-guide-anssi_np_nt28_high.html	2022-07-15 00:00:00.000000000 +0000
@@ -354,17 +354,17 @@
 </li></ul></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_package_audit_installed" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_package_audit_installed" id="guide-tree-leaf-id17" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_auditing"><td style="padding-left: 57px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_package_audit_installed"><span class="label label-default">Rule</span>  
                                 Ensure the audit Subsystem is Installed
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_package_audit_installed">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">The audit package should be installed.</div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The auditd service is an access monitoring and accounting daemon, watching system calls to audit any access, in comparison with potential local access control policy such as SELinux policy.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_audit_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R50)</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001875</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001877</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001878</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001879</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001880</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001881</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001882</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001889</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001914</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-7(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-7(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id18" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id18"><pre><code>
-[[packages]]
-name = "auditd"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_auditd
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R50)</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001875</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001877</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001878</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001879</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001880</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001881</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001882</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001889</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001914</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-7(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-7(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id18" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id18"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_auditd
 
 class install_auditd {
   package { 'auditd':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><pre><code>
+[[packages]]
+name = "auditd"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure auditd is installed
   package:
     name: auditd
@@ -399,10 +399,7 @@
 Additionally, a properly configured audit subsystem ensures that actions of
 individual system users can be uniquely traced to those users so they
 can be held accountable for their actions.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_auditd_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000131</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000132</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000133</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000134</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000154</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000158</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001464</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001876</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(g)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-4(23)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a>, <a href="">SRG-OS-000037-VMM-000150</a>, <a href="">SRG-OS-000063-VMM-000310</a>, <a href="">SRG-OS-000038-VMM-000160</a>, <a href="">SRG-OS-000039-VMM-000170</a>, <a href="">SRG-OS-000040-VMM-000180</a>, <a href="">SRG-OS-000041-VMM-000190</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><pre><code>
-[customizations.services]
-enabled = ["auditd"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id23" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id23"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000131</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000132</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000133</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000134</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000154</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000158</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001464</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001876</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(g)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-4(23)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a>, <a href="">SRG-OS-000037-VMM-000150</a>, <a href="">SRG-OS-000063-VMM-000310</a>, <a href="">SRG-OS-000038-VMM-000160</a>, <a href="">SRG-OS-000039-VMM-000170</a>, <a href="">SRG-OS-000040-VMM-000180</a>, <a href="">SRG-OS-000041-VMM-000190</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
 
 class enable_auditd {
   service {'auditd':
@@ -410,6 +407,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id23" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id23"><pre><code>
+[customizations.services]
+enabled = ["auditd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id24" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id24"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
@@ -706,17 +706,17 @@
 <pre>
 $ apt-get install syslog-ng-core</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The syslog-ng-core package provides the syslog-ng daemon, which provides
 system logging services.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_syslogng_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R46)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id33" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id33"><pre><code>
-[[packages]]
-name = "syslog-ng"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id34" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id34"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_syslog-ng
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R46)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id33" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id33"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_syslog-ng
 
 class install_syslog-ng {
   package { 'syslog-ng':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id34" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id34"><pre><code>
+[[packages]]
+name = "syslog-ng"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id35" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id35"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure syslog-ng is installed
   package:
     name: syslog-ng
@@ -737,10 +737,7 @@
 The <code>syslog-ng</code> service can be enabled with the following command:
 <pre>$ sudo systemctl enable syslog-ng.service</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The <code>syslog-ng</code> service must be running in order to provide
 logging services, which are essential to system administration.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_syslogng_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R46)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001557</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001851</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-4(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id37" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id37"><pre><code>
-[customizations.services]
-enabled = ["syslog-ng"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id38" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id38"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_syslog-ng
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R46)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001557</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001851</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-4(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id37" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id37"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_syslog-ng
 
 class enable_syslog-ng {
   service {'syslog-ng':
@@ -748,6 +745,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id38" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id38"><pre><code>
+[customizations.services]
+enabled = ["syslog-ng"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id39" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id39"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service syslog-ng
   block:
 
@@ -777,17 +777,17 @@
                                 Ensure rsyslog is Installed
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_package_rsyslog_installed">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">Rsyslog is installed by default. The <code>rsyslog</code> package can be installed with the following command: <pre> $ apt-get install rsyslog</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The rsyslog package provides the rsyslog daemon, which provides
 system logging services.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_rsyslog_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FTP_ITC_EXT.1.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000479-GPOS-00224</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id41" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id41"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id42" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id42"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FTP_ITC_EXT.1.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000479-GPOS-00224</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id41" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id41"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id42" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id42"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id43" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id43"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
@@ -808,10 +808,7 @@
 The <code>rsyslog</code> service can be enabled with the following command:
 <pre>$ sudo systemctl enable rsyslog.service</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The <code>rsyslog</code> service must be running in order to provide
 logging services, which are essential to system administration.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_rsyslog_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001557</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001851</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-4(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id45" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id45"><pre><code>
-[customizations.services]
-enabled = ["rsyslog"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id46" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id46"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001557</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001851</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-4(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id45" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id45"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
 
 class enable_rsyslog {
   service {'rsyslog':
@@ -819,6 +816,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id46" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id46"><pre><code>
+[customizations.services]
+enabled = ["rsyslog"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id47" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id47"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service rsyslog
   block:
 
@@ -1704,17 +1704,17 @@
 configured defensively.</div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_package_cron_installed" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_package_cron_installed" id="guide-tree-leaf-id95" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_cron_and_at"><td style="padding-left: 57px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_package_cron_installed"><span class="label label-default">Rule</span>  
                                 Install the cron service
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_package_cron_installed">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">The Cron service should be installed.</div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The cron service allow periodic job execution, needed for almost all administrative tasks and services (software update, log rotating, etc.). Access to cron service should be restricted to administrative accounts only.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_cron_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R50)</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id96" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id96"><pre><code>
-[[packages]]
-name = "cron"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id97" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id97"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_cron
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R50)</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id96" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id96"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_cron
 
 class install_cron {
   package { 'cron':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id97" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id97"><pre><code>
+[[packages]]
+name = "cron"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id98" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id98"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure cron is installed
   package:
     name: cron
@@ -1954,17 +1954,17 @@
 information on the capabilities and configuration of each of the NTP daemons.</div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_package_ntp_installed" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_package_ntp_installed" id="guide-tree-leaf-id119" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_ntp"><td style="padding-left: 57px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_package_ntp_installed"><span class="label label-default">Rule</span>  
                                 Install the ntp service
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_package_ntp_installed">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">The ntpd service should be installed.</div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">Time synchronization (using NTP) is required by almost all network and administrative tasks (syslog, cryptographic based services (authentication, etc.), etc.). Ntpd is regulary maintained and updated, supporting security features such as RFC 5906.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_ntp_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT012(R03)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000160</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id120" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id120"><pre><code>
-[[packages]]
-name = "ntp"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id121" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id121"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_ntp
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT012(R03)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000160</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id120" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id120"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_ntp
 
 class install_ntp {
   package { 'ntp':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id121" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id121"><pre><code>
+[[packages]]
+name = "ntp"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id122" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id122"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure ntp is installed
   package:
     name: ntp
@@ -1993,10 +1993,7 @@
 <br><br>
 The NTP daemon offers all of the functionality of <code>ntpdate</code>, which is now
 deprecated.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_ntp_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT012(R03)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000160</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-8(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id124" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id124"><pre><code>
-[customizations.services]
-enabled = ["ntp"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id125" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id125"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_ntp
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT012(R03)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000160</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-8(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id124" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id124"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_ntp
 
 class enable_ntp {
   service {'ntp':
@@ -2004,6 +2001,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id125" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id125"><pre><code>
/usr/share/doc/scap-security-guide/guides/ssg-debian9-guide-anssi_np_nt28_minimal.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-debian9-guide-anssi_np_nt28_minimal.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-debian9-guide-anssi_np_nt28_minimal.html	2022-07-15 00:00:00.000000000 +0000
@@ -237,17 +237,17 @@
 <pre>
 $ apt-get install syslog-ng-core</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The syslog-ng-core package provides the syslog-ng daemon, which provides
 system logging services.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_syslogng_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R46)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id13" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id13"><pre><code>
-[[packages]]
-name = "syslog-ng"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id14" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id14"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_syslog-ng
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R46)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id13" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id13"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_syslog-ng
 
 class install_syslog-ng {
   package { 'syslog-ng':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id14" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id14"><pre><code>
+[[packages]]
+name = "syslog-ng"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id15" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id15"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure syslog-ng is installed
   package:
     name: syslog-ng
@@ -268,10 +268,7 @@
 The <code>syslog-ng</code> service can be enabled with the following command:
 <pre>$ sudo systemctl enable syslog-ng.service</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The <code>syslog-ng</code> service must be running in order to provide
 logging services, which are essential to system administration.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_syslogng_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R46)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001557</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001851</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-4(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id17" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id17"><pre><code>
-[customizations.services]
-enabled = ["syslog-ng"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id18" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id18"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_syslog-ng
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R46)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001557</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001851</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-4(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id17" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id17"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_syslog-ng
 
 class enable_syslog-ng {
   service {'syslog-ng':
@@ -279,6 +276,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id18" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id18"><pre><code>
+[customizations.services]
+enabled = ["syslog-ng"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service syslog-ng
   block:
 
@@ -308,17 +308,17 @@
                                 Ensure rsyslog is Installed
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_package_rsyslog_installed">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">Rsyslog is installed by default. The <code>rsyslog</code> package can be installed with the following command: <pre> $ apt-get install rsyslog</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The rsyslog package provides the rsyslog daemon, which provides
 system logging services.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_rsyslog_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FTP_ITC_EXT.1.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000479-GPOS-00224</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id21" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id21"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FTP_ITC_EXT.1.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000479-GPOS-00224</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id21" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id21"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id23" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id23"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
@@ -339,10 +339,7 @@
 The <code>rsyslog</code> service can be enabled with the following command:
 <pre>$ sudo systemctl enable rsyslog.service</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The <code>rsyslog</code> service must be running in order to provide
 logging services, which are essential to system administration.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_rsyslog_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001557</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001851</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-4(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id25"><pre><code>
-[customizations.services]
-enabled = ["rsyslog"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001557</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001851</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-4(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id25"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
 
 class enable_rsyslog {
   service {'rsyslog':
@@ -350,6 +347,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><pre><code>
+[customizations.services]
+enabled = ["rsyslog"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id27" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id27"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service rsyslog
   block:
 
/usr/share/doc/scap-security-guide/guides/ssg-debian9-guide-anssi_np_nt28_restrictive.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-debian9-guide-anssi_np_nt28_restrictive.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-debian9-guide-anssi_np_nt28_restrictive.html	2022-07-15 00:00:00.000000000 +0000
@@ -354,17 +354,17 @@
 </li></ul></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_package_audit_installed" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_package_audit_installed" id="guide-tree-leaf-id17" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_auditing"><td style="padding-left: 57px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_package_audit_installed"><span class="label label-default">Rule</span>  
                                 Ensure the audit Subsystem is Installed
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_package_audit_installed">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">The audit package should be installed.</div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The auditd service is an access monitoring and accounting daemon, watching system calls to audit any access, in comparison with potential local access control policy such as SELinux policy.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_audit_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R50)</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001875</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001877</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001878</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001879</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001880</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001881</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001882</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001889</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001914</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-7(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-7(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id18" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id18"><pre><code>
-[[packages]]
-name = "auditd"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_auditd
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R50)</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001875</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001877</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001878</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001879</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001880</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001881</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001882</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001889</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001914</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-7(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-7(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id18" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id18"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_auditd
 
 class install_auditd {
   package { 'auditd':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><pre><code>
+[[packages]]
+name = "auditd"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure auditd is installed
   package:
     name: auditd
@@ -399,10 +399,7 @@
 Additionally, a properly configured audit subsystem ensures that actions of
 individual system users can be uniquely traced to those users so they
 can be held accountable for their actions.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_auditd_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000131</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000132</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000133</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000134</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000154</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000158</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001464</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001876</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(g)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-4(23)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a>, <a href="">SRG-OS-000037-VMM-000150</a>, <a href="">SRG-OS-000063-VMM-000310</a>, <a href="">SRG-OS-000038-VMM-000160</a>, <a href="">SRG-OS-000039-VMM-000170</a>, <a href="">SRG-OS-000040-VMM-000180</a>, <a href="">SRG-OS-000041-VMM-000190</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><pre><code>
-[customizations.services]
-enabled = ["auditd"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id23" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id23"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000131</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000132</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000133</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000134</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000154</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000158</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001464</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001876</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(g)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-4(23)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a>, <a href="">SRG-OS-000037-VMM-000150</a>, <a href="">SRG-OS-000063-VMM-000310</a>, <a href="">SRG-OS-000038-VMM-000160</a>, <a href="">SRG-OS-000039-VMM-000170</a>, <a href="">SRG-OS-000040-VMM-000180</a>, <a href="">SRG-OS-000041-VMM-000190</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
 
 class enable_auditd {
   service {'auditd':
@@ -410,6 +407,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id23" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id23"><pre><code>
+[customizations.services]
+enabled = ["auditd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id24" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id24"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
@@ -685,17 +685,17 @@
 <pre>
 $ apt-get install syslog-ng-core</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The syslog-ng-core package provides the syslog-ng daemon, which provides
 system logging services.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_syslogng_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R46)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id32" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id32"><pre><code>
-[[packages]]
-name = "syslog-ng"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id33" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id33"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_syslog-ng
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R46)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id32" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id32"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_syslog-ng
 
 class install_syslog-ng {
   package { 'syslog-ng':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id33" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id33"><pre><code>
+[[packages]]
+name = "syslog-ng"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id34" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id34"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure syslog-ng is installed
   package:
     name: syslog-ng
@@ -716,10 +716,7 @@
 The <code>syslog-ng</code> service can be enabled with the following command:
 <pre>$ sudo systemctl enable syslog-ng.service</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The <code>syslog-ng</code> service must be running in order to provide
 logging services, which are essential to system administration.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_syslogng_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R46)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001557</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001851</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-4(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id36" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id36"><pre><code>
-[customizations.services]
-enabled = ["syslog-ng"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id37" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id37"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_syslog-ng
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R46)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001557</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001851</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-4(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id36" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id36"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_syslog-ng
 
 class enable_syslog-ng {
   service {'syslog-ng':
@@ -727,6 +724,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id37" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id37"><pre><code>
+[customizations.services]
+enabled = ["syslog-ng"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id38" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id38"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service syslog-ng
   block:
 
@@ -756,17 +756,17 @@
                                 Ensure rsyslog is Installed
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_package_rsyslog_installed">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">Rsyslog is installed by default. The <code>rsyslog</code> package can be installed with the following command: <pre> $ apt-get install rsyslog</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The rsyslog package provides the rsyslog daemon, which provides
 system logging services.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_rsyslog_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FTP_ITC_EXT.1.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000479-GPOS-00224</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id40" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id40"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id41" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id41"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FTP_ITC_EXT.1.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000479-GPOS-00224</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id40" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id40"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id41" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id41"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id42" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id42"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
@@ -787,10 +787,7 @@
 The <code>rsyslog</code> service can be enabled with the following command:
 <pre>$ sudo systemctl enable rsyslog.service</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The <code>rsyslog</code> service must be running in order to provide
 logging services, which are essential to system administration.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_rsyslog_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001557</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001851</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-4(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id44" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id44"><pre><code>
-[customizations.services]
-enabled = ["rsyslog"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id45" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id45"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001557</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001851</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-4(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id44" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id44"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
 
 class enable_rsyslog {
   service {'rsyslog':
@@ -798,6 +795,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id45" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id45"><pre><code>
+[customizations.services]
+enabled = ["rsyslog"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id46" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id46"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service rsyslog
   block:
 
@@ -1683,17 +1683,17 @@
 configured defensively.</div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_package_cron_installed" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_package_cron_installed" id="guide-tree-leaf-id94" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_cron_and_at"><td style="padding-left: 57px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_package_cron_installed"><span class="label label-default">Rule</span>  
                                 Install the cron service
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_package_cron_installed">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">The Cron service should be installed.</div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The cron service allow periodic job execution, needed for almost all administrative tasks and services (software update, log rotating, etc.). Access to cron service should be restricted to administrative accounts only.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_cron_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R50)</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id95" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id95"><pre><code>
-[[packages]]
-name = "cron"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id96" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id96"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_cron
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R50)</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id95" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id95"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_cron
 
 class install_cron {
   package { 'cron':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id96" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id96"><pre><code>
+[[packages]]
+name = "cron"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id97" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id97"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure cron is installed
   package:
     name: cron
@@ -1933,17 +1933,17 @@
 information on the capabilities and configuration of each of the NTP daemons.</div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_package_ntp_installed" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_package_ntp_installed" id="guide-tree-leaf-id118" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_ntp"><td style="padding-left: 57px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_package_ntp_installed"><span class="label label-default">Rule</span>  
                                 Install the ntp service
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_package_ntp_installed">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">The ntpd service should be installed.</div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">Time synchronization (using NTP) is required by almost all network and administrative tasks (syslog, cryptographic based services (authentication, etc.), etc.). Ntpd is regulary maintained and updated, supporting security features such as RFC 5906.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_ntp_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT012(R03)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000160</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id119" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id119"><pre><code>
-[[packages]]
-name = "ntp"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id120" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id120"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_ntp
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT012(R03)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000160</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id119" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id119"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_ntp
 
 class install_ntp {
   package { 'ntp':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id120" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id120"><pre><code>
+[[packages]]
+name = "ntp"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id121" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id121"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure ntp is installed
   package:
     name: ntp
@@ -1972,10 +1972,7 @@
 <br><br>
 The NTP daemon offers all of the functionality of <code>ntpdate</code>, which is now
 deprecated.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_ntp_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT012(R03)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000160</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-8(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id123" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id123"><pre><code>
-[customizations.services]
-enabled = ["ntp"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id124" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id124"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_ntp
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT012(R03)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000160</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-8(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id123" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id123"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_ntp
 
 class enable_ntp {
   service {'ntp':
@@ -1983,6 +1980,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id124" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id124"><pre><code>
/usr/share/doc/scap-security-guide/guides/ssg-debian9-guide-standard.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-debian9-guide-standard.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-debian9-guide-standard.html	2022-07-15 00:00:00.000000000 +0000
@@ -230,17 +230,17 @@
 </li></ul></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_package_audit_installed" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_package_audit_installed" id="guide-tree-leaf-id11" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_auditing"><td style="padding-left: 57px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_package_audit_installed"><span class="label label-default">Rule</span>  
                                 Ensure the audit Subsystem is Installed
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_package_audit_installed">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">The audit package should be installed.</div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The auditd service is an access monitoring and accounting daemon, watching system calls to audit any access, in comparison with potential local access control policy such as SELinux policy.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_audit_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R50)</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001875</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001877</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001878</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001879</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001880</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001881</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001882</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001889</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001914</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-7(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-7(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id12" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id12"><pre><code>
-[[packages]]
-name = "auditd"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id13" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id13"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_auditd
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R50)</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001875</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001877</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001878</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001879</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001880</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001881</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001882</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001889</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001914</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-7(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-7(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(2)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id12" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id12"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_auditd
 
 class install_auditd {
   package { 'auditd':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id13" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id13"><pre><code>
+[[packages]]
+name = "auditd"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id14" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id14"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure auditd is installed
   package:
     name: auditd
@@ -275,10 +275,7 @@
 Additionally, a properly configured audit subsystem ensures that actions of
 individual system users can be uniquely traced to those users so they
 can be held accountable for their actions.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_auditd_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000131</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000132</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000133</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000134</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000154</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000158</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001464</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001876</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(g)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-4(23)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a>, <a href="">SRG-OS-000037-VMM-000150</a>, <a href="">SRG-OS-000063-VMM-000310</a>, <a href="">SRG-OS-000038-VMM-000160</a>, <a href="">SRG-OS-000039-VMM-000170</a>, <a href="">SRG-OS-000040-VMM-000180</a>, <a href="">SRG-OS-000041-VMM-000190</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id16" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id16"><pre><code>
-[customizations.services]
-enabled = ["auditd"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id17" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id17"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000131</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000132</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000133</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000134</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000154</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000158</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001464</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001876</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(g)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-4(23)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a>, <a href="">SRG-OS-000037-VMM-000150</a>, <a href="">SRG-OS-000063-VMM-000310</a>, <a href="">SRG-OS-000038-VMM-000160</a>, <a href="">SRG-OS-000039-VMM-000170</a>, <a href="">SRG-OS-000040-VMM-000180</a>, <a href="">SRG-OS-000041-VMM-000190</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id16" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id16"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
 
 class enable_auditd {
   service {'auditd':
@@ -286,6 +283,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id17" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id17"><pre><code>
+[customizations.services]
+enabled = ["auditd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id18" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id18"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
@@ -549,17 +549,17 @@
                                 Ensure rsyslog is Installed
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_package_rsyslog_installed">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">Rsyslog is installed by default. The <code>rsyslog</code> package can be installed with the following command: <pre> $ apt-get install rsyslog</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The rsyslog package provides the rsyslog daemon, which provides
 system logging services.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_rsyslog_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FTP_ITC_EXT.1.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000479-GPOS-00224</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id27" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id27"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FTP_ITC_EXT.1.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000479-GPOS-00224</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id27" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id27"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id28" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id28"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
@@ -580,10 +580,7 @@
 The <code>rsyslog</code> service can be enabled with the following command:
 <pre>$ sudo systemctl enable rsyslog.service</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The <code>rsyslog</code> service must be running in order to provide
 logging services, which are essential to system administration.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_rsyslog_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001557</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001851</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-4(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id30" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id30"><pre><code>
-[customizations.services]
-enabled = ["rsyslog"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id31" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id31"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R5)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT28(R46)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI04.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001311</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001312</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001557</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001851</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.17.2.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-4(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id30" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id30"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
 
 class enable_rsyslog {
   service {'rsyslog':
@@ -591,6 +588,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id31" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id31"><pre><code>
+[customizations.services]
+enabled = ["rsyslog"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id32" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id32"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service rsyslog
   block:
 
@@ -1462,17 +1462,17 @@
 configured defensively.</div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_package_cron_installed" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_package_cron_installed" id="guide-tree-leaf-id78" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_cron_and_at"><td style="padding-left: 57px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_package_cron_installed"><span class="label label-default">Rule</span>  
                                 Install the cron service
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_package_cron_installed">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">The Cron service should be installed.</div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The cron service allow periodic job execution, needed for almost all administrative tasks and services (software update, log rotating, etc.). Access to cron service should be restricted to administrative accounts only.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_cron_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R50)</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id79" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id79"><pre><code>
-[[packages]]
-name = "cron"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id80" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id80"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_cron
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R50)</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id79" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id79"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_cron
 
 class install_cron {
   package { 'cron':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id80" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id80"><pre><code>
+[[packages]]
+name = "cron"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id81" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id81"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure cron is installed
   package:
     name: cron
@@ -1495,10 +1495,7 @@
 The <code>cron</code> service can be enabled with the following command:
 <pre>$ sudo systemctl enable cron.service</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">Due to its usage for maintenance and security-supporting tasks,
 enabling the cron daemon is essential.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_cron_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(4)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(3)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id83" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id83"><pre><code>
-[customizations.services]
-enabled = ["cron"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id84" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id84"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_cron
+            <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(4)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(b)(3)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)(2)(ii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id83" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id83"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_cron
 
 class enable_cron {
   service {'cron':
@@ -1506,6 +1503,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id84" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id84"><pre><code>
+[customizations.services]
+enabled = ["cron"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id85" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id85"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service cron
   block:
 
@@ -1756,17 +1756,17 @@
 information on the capabilities and configuration of each of the NTP daemons.</div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_package_ntp_installed" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_package_ntp_installed" id="guide-tree-leaf-id106" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_ntp"><td style="padding-left: 57px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_package_ntp_installed"><span class="label label-default">Rule</span>  
                                 Install the ntp service
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_package_ntp_installed">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">The ntpd service should be installed.</div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">Time synchronization (using NTP) is required by almost all network and administrative tasks (syslog, cryptographic based services (authentication, etc.), etc.). Ntpd is regulary maintained and updated, supporting security features such as RFC 5906.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_ntp_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT012(R03)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000160</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id107" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id107"><pre><code>
-[[packages]]
-name = "ntp"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id108" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id108"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_ntp
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT012(R03)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000160</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id107" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id107"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_ntp
 
 class install_ntp {
   package { 'ntp':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id108" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id108"><pre><code>
+[[packages]]
+name = "ntp"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id109" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id109"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure ntp is installed
   package:
     name: ntp
@@ -1795,10 +1795,7 @@
 <br><br>
 The NTP daemon offers all of the functionality of <code>ntpdate</code>, which is now
 deprecated.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_ntp_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT012(R03)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000160</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-8(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id111" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id111"><pre><code>
-[customizations.services]
-enabled = ["ntp"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id112" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id112"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_ntp
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT012(R03)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000160</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-8(1)(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id111" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id111"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_ntp
 
 class enable_ntp {
   service {'ntp':
@@ -1806,6 +1803,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id112" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id112"><pre><code>
+[customizations.services]
+enabled = ["ntp"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id113" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id113"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service ntp
   block:
 
/usr/share/xml/scap/ssg/content/ssg-debian10-ds-1.2.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-debian10-ds-1.2.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-debian10-ds-1.2.xml	2022-07-15 00:00:00.000000000 +0000
@@ -143,19 +143,9 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.2:rear-matter>
       <cpe-lang:platform-specification>
-        <cpe-lang:platform id="audit">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:audit"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="pam">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:pam"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="sssd">
+        <cpe-lang:platform id="uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="grub2">
@@ -168,14 +158,19 @@
             <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="non-uefi">
+        <cpe-lang:platform id="chrony">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="chrony">
+        <cpe-lang:platform id="login_defs">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="sssd">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="postfix">
@@ -183,29 +178,34 @@
             <cpe-lang:fact-ref name="cpe:/a:postfix"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="uefi">
+        <cpe-lang:platform id="ntp">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sudo">
+        <cpe-lang:platform id="pam">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+            <cpe-lang:fact-ref name="cpe:/a:pam"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="machine">
+        <cpe-lang:platform id="audit">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:machine"/>
+            <cpe-lang:fact-ref name="cpe:/a:audit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="s390x_arch">
+        <cpe-lang:platform id="gdm">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="login_defs">
+        <cpe-lang:platform id="machine">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+            <cpe-lang:fact-ref name="cpe:/a:machine"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="sudo">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="net-snmp">
@@ -213,9 +213,9 @@
             <cpe-lang:fact-ref name="cpe:/a:net-snmp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="ntp">
+        <cpe-lang:platform id="s390x_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="not_s390x_arch">
@@ -223,9 +223,9 @@
             <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="gdm">
+        <cpe-lang:platform id="non-uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
+            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
       </cpe-lang:platform-specification>
@@ -2026,11 +2026,6 @@
                   <xccdf-1.2:reference href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000445-GPOS-00199</xccdf-1.2:reference>
                   <xccdf-1.2:rationale>The AIDE package must be installed if it is to be available for integrity checking.</xccdf-1.2:rationale>
                   <xccdf-1.2:platform idref="#machine"/>
-                  <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_aide_installed">
-[[packages]]
-name = "aide"
-version = "*"
-</xccdf-1.2:fix>
                   <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_aide
 
 class install_aide {
@@ -2039,6 +2034,11 @@
   }
 }
 </xccdf-1.2:fix>
+                  <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_aide_installed">
+[[packages]]
+name = "aide"
+version = "*"
+</xccdf-1.2:fix>
                   <xccdf-1.2:fix system="urn:xccdf:fix:script:ansible" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure aide is installed
   package:
     name: aide
@@ -3838,11 +3838,6 @@
 other required structures.
 This package contains command line TLS client and server and certificate
 manipulation tools.</xccdf-1.2:rationale>
-              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_gnutls-utils_installed">
-[[packages]]
-name = "gnutls-utils"
-version = "*"
-</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_gnutls-utils
 
 class install_gnutls-utils {
@@ -3851,6 +3846,11 @@
   }
 }
 </xccdf-1.2:fix>
+              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_gnutls-utils_installed">
+[[packages]]
+name = "gnutls-utils"
+version = "*"
+</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:ansible" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure gnutls-utils is installed
   package:
     name: gnutls-utils
@@ -3882,11 +3882,6 @@
 server applications. Install the <html:code>nss-tools</html:code> package
 to install command-line tools to manipulate the NSS certificate
 and key database.</xccdf-1.2:rationale>
-              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_nss-tools_installed">
-[[packages]]
-name = "nss-tools"
-version = "*"
-</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_nss-tools_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_nss-tools
 
 class install_nss-tools {
@@ -3895,6 +3890,11 @@
   }
 }
 </xccdf-1.2:fix>
+              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_nss-tools_installed">
+[[packages]]
+name = "nss-tools"
+version = "*"
+</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:ansible" id="package_nss-tools_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure nss-tools is installed
   package:
     name: nss-tools
@@ -6694,11 +6694,6 @@
             <xccdf-1.2:reference href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000342-GPOS-00133</xccdf-1.2:reference>
             <xccdf-1.2:rationale>Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity.</xccdf-1.2:rationale>
             <xccdf-1.2:platform idref="#machine"/>
-            <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_audit-audispd-plugins_installed">
-[[packages]]
-name = "audit-audispd-plugins"
-version = "*"
-</xccdf-1.2:fix>
             <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_audit-audispd-plugins_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_audit-audispd-plugins
 
/usr/share/xml/scap/ssg/content/ssg-debian10-ds.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-debian10-ds.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-debian10-ds.xml	2022-07-15 00:00:00.000000000 +0000
@@ -143,19 +143,9 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.2:rear-matter>
       <cpe-lang:platform-specification>
-        <cpe-lang:platform id="audit">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:audit"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="pam">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:pam"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="sssd">
+        <cpe-lang:platform id="uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="grub2">
@@ -168,14 +158,19 @@
             <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="non-uefi">
+        <cpe-lang:platform id="chrony">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="chrony">
+        <cpe-lang:platform id="login_defs">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="sssd">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="postfix">
@@ -183,29 +178,34 @@
             <cpe-lang:fact-ref name="cpe:/a:postfix"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="uefi">
+        <cpe-lang:platform id="ntp">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sudo">
+        <cpe-lang:platform id="pam">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+            <cpe-lang:fact-ref name="cpe:/a:pam"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="machine">
+        <cpe-lang:platform id="audit">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:machine"/>
+            <cpe-lang:fact-ref name="cpe:/a:audit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="s390x_arch">
+        <cpe-lang:platform id="gdm">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="login_defs">
+        <cpe-lang:platform id="machine">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+            <cpe-lang:fact-ref name="cpe:/a:machine"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="sudo">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="net-snmp">
@@ -213,9 +213,9 @@
             <cpe-lang:fact-ref name="cpe:/a:net-snmp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="ntp">
+        <cpe-lang:platform id="s390x_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="not_s390x_arch">
@@ -223,9 +223,9 @@
             <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="gdm">
+        <cpe-lang:platform id="non-uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
+            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
       </cpe-lang:platform-specification>
@@ -2026,11 +2026,6 @@
                   <xccdf-1.2:reference href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000445-GPOS-00199</xccdf-1.2:reference>
                   <xccdf-1.2:rationale>The AIDE package must be installed if it is to be available for integrity checking.</xccdf-1.2:rationale>
                   <xccdf-1.2:platform idref="#machine"/>
-                  <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_aide_installed">
-[[packages]]
-name = "aide"
-version = "*"
-</xccdf-1.2:fix>
                   <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_aide
 
 class install_aide {
@@ -2039,6 +2034,11 @@
   }
 }
 </xccdf-1.2:fix>
+                  <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_aide_installed">
+[[packages]]
+name = "aide"
+version = "*"
+</xccdf-1.2:fix>
                   <xccdf-1.2:fix system="urn:xccdf:fix:script:ansible" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure aide is installed
   package:
     name: aide
@@ -3838,11 +3838,6 @@
 other required structures.
 This package contains command line TLS client and server and certificate
 manipulation tools.</xccdf-1.2:rationale>
-              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_gnutls-utils_installed">
-[[packages]]
-name = "gnutls-utils"
-version = "*"
-</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_gnutls-utils
 
 class install_gnutls-utils {
@@ -3851,6 +3846,11 @@
   }
 }
 </xccdf-1.2:fix>
+              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_gnutls-utils_installed">
+[[packages]]
+name = "gnutls-utils"
+version = "*"
+</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:ansible" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure gnutls-utils is installed
   package:
     name: gnutls-utils
@@ -3882,11 +3882,6 @@
 server applications. Install the <html:code>nss-tools</html:code> package
 to install command-line tools to manipulate the NSS certificate
 and key database.</xccdf-1.2:rationale>
-              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_nss-tools_installed">
-[[packages]]
-name = "nss-tools"
-version = "*"
-</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_nss-tools_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_nss-tools
 
 class install_nss-tools {
@@ -3895,6 +3890,11 @@
   }
 }
 </xccdf-1.2:fix>
+              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_nss-tools_installed">
+[[packages]]
+name = "nss-tools"
+version = "*"
+</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:ansible" id="package_nss-tools_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure nss-tools is installed
   package:
     name: nss-tools
@@ -6694,11 +6694,6 @@
             <xccdf-1.2:reference href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000342-GPOS-00133</xccdf-1.2:reference>
             <xccdf-1.2:rationale>Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity.</xccdf-1.2:rationale>
             <xccdf-1.2:platform idref="#machine"/>
-            <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_audit-audispd-plugins_installed">
-[[packages]]
-name = "audit-audispd-plugins"
-version = "*"
-</xccdf-1.2:fix>
             <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_audit-audispd-plugins_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_audit-audispd-plugins
 
/usr/share/xml/scap/ssg/content/ssg-debian10-ocil.xml differs (XML 1.0 document, ASCII text)
--- old//usr/share/xml/scap/ssg/content/ssg-debian10-ocil.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-debian10-ocil.xml	2022-07-15 00:00:00.000000000 +0000
@@ -7,268 +7,256 @@
     <ocil:timestamp>2022-07-15T00:00:00</ocil:timestamp>
   </ocil:generator>
   <ocil:questionnaires>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_file_deletion_events_rename_ocil:questionnaire:1">
-      <ocil:title>Ensure auditd Collects File Deletion Events by User - rename</ocil:title>
-      <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-audit_rules_file_deletion_events_rename_action:testaction:1</ocil:test_action_ref>
-      </ocil:actions>
-    </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sysctl_net_ipv4_conf_all_accept_local_ocil:questionnaire:1">
-      <ocil:title>Disable Accepting Packets Routed Between Local Interfaces</ocil:title>
-      <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_accept_local_action:testaction:1</ocil:test_action_ref>
-      </ocil:actions>
-    </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-auditd_data_disk_error_action_ocil:questionnaire:1">
-      <ocil:title>Configure auditd Disk Error Action on Disk Error</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sudo_remove_nopasswd_ocil:questionnaire:1">
+      <ocil:title>Ensure Users Re-Authenticate for Privilege Escalation - sudo NOPASSWD</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-auditd_data_disk_error_action_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sudo_remove_nopasswd_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-directory_access_var_log_audit_ocil:questionnaire:1">
-      <ocil:title>Record Access Events to Audit Log Directory</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sshd_disable_pubkey_auth_ocil:questionnaire:1">
+      <ocil:title>Disable PubkeyAuthentication Authentication</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-directory_access_var_log_audit_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sshd_disable_pubkey_auth_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-auditd_data_retention_action_mail_acct_ocil:questionnaire:1">
-      <ocil:title>Configure auditd mail_acct Action on Low Disk Space</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-accounts_password_all_shadowed_ocil:questionnaire:1">
+      <ocil:title>Verify All Account Password Hashes are Shadowed</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-auditd_data_retention_action_mail_acct_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-accounts_password_all_shadowed_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-rsyslog_encrypt_offload_actionsendstreamdriverauthmode_ocil:questionnaire:1">
-      <ocil:title>Ensure Rsyslog Authenticates Off-Loaded Audit Records</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-kernel_config_unmap_kernel_at_el0_ocil:questionnaire:1">
+      <ocil:title>Unmap kernel when running in userspace (aka KAISER)</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-rsyslog_encrypt_offload_actionsendstreamdriverauthmode_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-kernel_config_unmap_kernel_at_el0_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-file_owner_etc_group_ocil:questionnaire:1">
-      <ocil:title>Verify User Who Owns group File</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-kernel_config_module_sig_force_ocil:questionnaire:1">
+      <ocil:title>Require modules to be validly signed</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-file_owner_etc_group_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-kernel_config_module_sig_force_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-no_password_auth_for_systemaccounts_ocil:questionnaire:1">
-      <ocil:title>Ensure that System Accounts Are Locked</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-file_permissions_sshd_private_key_ocil:questionnaire:1">
+      <ocil:title>Verify Permissions on SSH Server Private *_key Key Files</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-no_password_auth_for_systemaccounts_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-file_permissions_sshd_private_key_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-file_permissions_backup_etc_passwd_ocil:questionnaire:1">
-      <ocil:title>Verify Permissions on Backup passwd File</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-harden_ssh_client_crypto_policy_ocil:questionnaire:1">
+      <ocil:title>Harden SSH client Crypto Policy</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-file_permissions_backup_etc_passwd_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-harden_ssh_client_crypto_policy_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_mac_modification_ocil:questionnaire:1">
-      <ocil:title>Record Events that Modify the System's Mandatory Access Controls</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-accounts_no_uid_except_zero_ocil:questionnaire:1">
+      <ocil:title>Verify Only Root Has UID 0</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-audit_rules_mac_modification_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-accounts_no_uid_except_zero_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sshd_disable_compression_ocil:questionnaire:1">
-      <ocil:title>Disable Compression Or Set Compression to delayed</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-audit_rules_kernel_module_loading_delete_ocil:questionnaire:1">
+      <ocil:title>Ensure auditd Collects Information on Kernel Module Unloading - delete_module</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sshd_disable_compression_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-audit_rules_kernel_module_loading_delete_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-file_owner_var_log_ocil:questionnaire:1">
-      <ocil:title>Verify User Who Owns /var/log Directory</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-audit_rules_dac_modification_fchownat_ocil:questionnaire:1">
+      <ocil:title>Record Events that Modify the System's Discretionary Access Controls - fchownat</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-file_owner_var_log_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_fchownat_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-kernel_config_module_sig_sha512_ocil:questionnaire:1">
-      <ocil:title>Sign kernel modules with SHA-512</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-directory_access_var_log_audit_ocil:questionnaire:1">
+      <ocil:title>Record Access Events to Audit Log Directory</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-kernel_config_module_sig_sha512_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-directory_access_var_log_audit_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sshd_allow_only_protocol2_ocil:questionnaire:1">
-      <ocil:title>Allow Only SSH Protocol 2</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sshd_enable_strictmodes_ocil:questionnaire:1">
+      <ocil:title>Enable Use of Strict Mode Checking</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sshd_allow_only_protocol2_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sshd_enable_strictmodes_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_unsuccessful_file_modification_creat_ocil:questionnaire:1">
-      <ocil:title>Record Unsuccessful Access Attempts to Files - creat</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-auditd_data_retention_max_log_file_action_ocil:questionnaire:1">
+      <ocil:title>Configure auditd max_log_file_action Upon Reaching Maximum Log Size</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-audit_rules_unsuccessful_file_modification_creat_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-auditd_data_retention_max_log_file_action_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-package_syslogng_installed_ocil:questionnaire:1">
-      <ocil:title>Ensure syslog-ng is Installed</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-service_ntpd_enabled_ocil:questionnaire:1">
+      <ocil:title>Enable the NTP Daemon</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-package_syslogng_installed_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-service_ntpd_enabled_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-kernel_config_module_sig_hash_ocil:questionnaire:1">
-      <ocil:title>Specify the hash to use when signing modules</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-prefer_64bit_os_ocil:questionnaire:1">
+      <ocil:title>Prefer to use a 64-bit Operating System when supported</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-kernel_config_module_sig_hash_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-prefer_64bit_os_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sysctl_kernel_randomize_va_space_ocil:questionnaire:1">
-      <ocil:title>Enable Randomized Layout of Virtual Address Space</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-file_ownership_binary_dirs_ocil:questionnaire:1">
+      <ocil:title>Verify that System Executables Have Root Ownership</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sysctl_kernel_randomize_va_space_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-file_ownership_binary_dirs_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-file_owner_etc_passwd_ocil:questionnaire:1">
-      <ocil:title>Verify User Who Owns passwd File</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sshd_set_login_grace_time_ocil:questionnaire:1">
+      <ocil:title>Ensure SSH LoginGraceTime is configured</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-file_owner_etc_passwd_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sshd_set_login_grace_time_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_login_events_lastlog_ocil:questionnaire:1">
-      <ocil:title>Record Attempts to Alter Logon and Logout Events - lastlog</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sysctl_net_ipv4_conf_all_accept_local_ocil:questionnaire:1">
+      <ocil:title>Disable Accepting Packets Routed Between Local Interfaces</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-audit_rules_login_events_lastlog_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_accept_local_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sshd_set_keepalive_ocil:questionnaire:1">
-      <ocil:title>Set SSH Client Alive Count Max</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-file_owner_backup_etc_passwd_ocil:questionnaire:1">
+      <ocil:title>Verify User Who Owns Backup passwd File</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sshd_set_keepalive_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-file_owner_backup_etc_passwd_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-package_rsyslog_installed_ocil:questionnaire:1">
-      <ocil:title>Ensure rsyslog is Installed</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-mount_option_dev_shm_nosuid_ocil:questionnaire:1">
+      <ocil:title>Add nosuid Option to /dev/shm</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-package_rsyslog_installed_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-mount_option_dev_shm_nosuid_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-mount_option_dev_shm_nodev_ocil:questionnaire:1">
-      <ocil:title>Add nodev Option to /dev/shm</ocil:title>
/usr/share/xml/scap/ssg/content/ssg-debian10-xccdf.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-debian10-xccdf.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-debian10-xccdf.xml	2022-07-15 00:00:00.000000000 +0000
@@ -43,19 +43,9 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.1:rear-matter>
   <cpe-lang:platform-specification>
-    <cpe-lang:platform id="audit">
-      <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:audit"/>
-      </cpe-lang:logical-test>
-    </cpe-lang:platform>
-    <cpe-lang:platform id="pam">
-      <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:pam"/>
-      </cpe-lang:logical-test>
-    </cpe-lang:platform>
-    <cpe-lang:platform id="sssd">
+    <cpe-lang:platform id="uefi">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+        <cpe-lang:fact-ref name="cpe:/a:uefi"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="grub2">
@@ -68,14 +58,19 @@
         <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="non-uefi">
+    <cpe-lang:platform id="chrony">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+        <cpe-lang:fact-ref name="cpe:/a:chrony"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="chrony">
+    <cpe-lang:platform id="login_defs">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+        <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+      </cpe-lang:logical-test>
+    </cpe-lang:platform>
+    <cpe-lang:platform id="sssd">
+      <cpe-lang:logical-test operator="AND" negate="false">
+        <cpe-lang:fact-ref name="cpe:/a:sssd"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="postfix">
@@ -83,29 +78,34 @@
         <cpe-lang:fact-ref name="cpe:/a:postfix"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="uefi">
+    <cpe-lang:platform id="ntp">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+        <cpe-lang:fact-ref name="cpe:/a:ntp"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="sudo">
+    <cpe-lang:platform id="pam">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+        <cpe-lang:fact-ref name="cpe:/a:pam"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="machine">
+    <cpe-lang:platform id="audit">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:machine"/>
+        <cpe-lang:fact-ref name="cpe:/a:audit"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="s390x_arch">
+    <cpe-lang:platform id="gdm">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
+        <cpe-lang:fact-ref name="cpe:/a:gdm"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="login_defs">
+    <cpe-lang:platform id="machine">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+        <cpe-lang:fact-ref name="cpe:/a:machine"/>
+      </cpe-lang:logical-test>
+    </cpe-lang:platform>
+    <cpe-lang:platform id="sudo">
+      <cpe-lang:logical-test operator="AND" negate="false">
+        <cpe-lang:fact-ref name="cpe:/a:sudo"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="net-snmp">
@@ -113,9 +113,9 @@
         <cpe-lang:fact-ref name="cpe:/a:net-snmp"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="ntp">
+    <cpe-lang:platform id="s390x_arch">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+        <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="not_s390x_arch">
@@ -123,9 +123,9 @@
         <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="gdm">
+    <cpe-lang:platform id="non-uefi">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:gdm"/>
+        <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
   </cpe-lang:platform-specification>
@@ -1926,11 +1926,6 @@
               <xccdf-1.1:reference href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000445-GPOS-00199</xccdf-1.1:reference>
               <xccdf-1.1:rationale>The AIDE package must be installed if it is to be available for integrity checking.</xccdf-1.1:rationale>
               <xccdf-1.1:platform idref="#machine"/>
-              <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_aide_installed">
-[[packages]]
-name = "aide"
-version = "*"
-</xccdf-1.1:fix>
               <xccdf-1.1:fix system="urn:xccdf:fix:script:puppet" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_aide
 
 class install_aide {
@@ -1939,6 +1934,11 @@
   }
 }
 </xccdf-1.1:fix>
+              <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_aide_installed">
+[[packages]]
+name = "aide"
+version = "*"
+</xccdf-1.1:fix>
               <xccdf-1.1:fix system="urn:xccdf:fix:script:ansible" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure aide is installed
   package:
     name: aide
@@ -3738,11 +3738,6 @@
 other required structures.
 This package contains command line TLS client and server and certificate
 manipulation tools.</xccdf-1.1:rationale>
-          <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_gnutls-utils_installed">
-[[packages]]
-name = "gnutls-utils"
-version = "*"
-</xccdf-1.1:fix>
           <xccdf-1.1:fix system="urn:xccdf:fix:script:puppet" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_gnutls-utils
 
 class install_gnutls-utils {
@@ -3751,6 +3746,11 @@
   }
 }
 </xccdf-1.1:fix>
+          <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_gnutls-utils_installed">
+[[packages]]
+name = "gnutls-utils"
+version = "*"
+</xccdf-1.1:fix>
           <xccdf-1.1:fix system="urn:xccdf:fix:script:ansible" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure gnutls-utils is installed
   package:
     name: gnutls-utils
@@ -3782,11 +3782,6 @@
 server applications. Install the <html:code>nss-tools</html:code> package
 to install command-line tools to manipulate the NSS certificate
 and key database.</xccdf-1.1:rationale>
-          <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_nss-tools_installed">
-[[packages]]
-name = "nss-tools"
-version = "*"
-</xccdf-1.1:fix>
           <xccdf-1.1:fix system="urn:xccdf:fix:script:puppet" id="package_nss-tools_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_nss-tools
 
 class install_nss-tools {
@@ -3795,6 +3790,11 @@
   }
 }
 </xccdf-1.1:fix>
+          <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_nss-tools_installed">
+[[packages]]
+name = "nss-tools"
+version = "*"
+</xccdf-1.1:fix>
           <xccdf-1.1:fix system="urn:xccdf:fix:script:ansible" id="package_nss-tools_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure nss-tools is installed
   package:
     name: nss-tools
@@ -6594,11 +6594,6 @@
         <xccdf-1.1:reference href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000342-GPOS-00133</xccdf-1.1:reference>
         <xccdf-1.1:rationale>Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity.</xccdf-1.1:rationale>
         <xccdf-1.1:platform idref="#machine"/>
-        <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_audit-audispd-plugins_installed">
-[[packages]]
-name = "audit-audispd-plugins"
-version = "*"
-</xccdf-1.1:fix>
         <xccdf-1.1:fix system="urn:xccdf:fix:script:puppet" id="package_audit-audispd-plugins_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_audit-audispd-plugins
 
/usr/share/xml/scap/ssg/content/ssg-debian11-ds-1.2.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-debian11-ds-1.2.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-debian11-ds-1.2.xml	2022-07-15 00:00:00.000000000 +0000
@@ -143,19 +143,9 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.2:rear-matter>
       <cpe-lang:platform-specification>
-        <cpe-lang:platform id="audit">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:audit"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="pam">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:pam"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="sssd">
+        <cpe-lang:platform id="uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="grub2">
@@ -168,14 +158,19 @@
             <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="non-uefi">
+        <cpe-lang:platform id="chrony">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="chrony">
+        <cpe-lang:platform id="login_defs">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="sssd">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="postfix">
@@ -183,29 +178,34 @@
             <cpe-lang:fact-ref name="cpe:/a:postfix"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="uefi">
+        <cpe-lang:platform id="ntp">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sudo">
+        <cpe-lang:platform id="pam">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+            <cpe-lang:fact-ref name="cpe:/a:pam"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="machine">
+        <cpe-lang:platform id="audit">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:machine"/>
+            <cpe-lang:fact-ref name="cpe:/a:audit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="s390x_arch">
+        <cpe-lang:platform id="gdm">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="login_defs">
+        <cpe-lang:platform id="machine">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+            <cpe-lang:fact-ref name="cpe:/a:machine"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="sudo">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="net-snmp">
@@ -213,9 +213,9 @@
             <cpe-lang:fact-ref name="cpe:/a:net-snmp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="ntp">
+        <cpe-lang:platform id="s390x_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="not_s390x_arch">
@@ -223,9 +223,9 @@
             <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="gdm">
+        <cpe-lang:platform id="non-uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
+            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
       </cpe-lang:platform-specification>
@@ -2026,11 +2026,6 @@
                   <xccdf-1.2:reference href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000445-GPOS-00199</xccdf-1.2:reference>
                   <xccdf-1.2:rationale>The AIDE package must be installed if it is to be available for integrity checking.</xccdf-1.2:rationale>
                   <xccdf-1.2:platform idref="#machine"/>
-                  <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_aide_installed">
-[[packages]]
-name = "aide"
-version = "*"
-</xccdf-1.2:fix>
                   <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_aide
 
 class install_aide {
@@ -2039,6 +2034,11 @@
   }
 }
 </xccdf-1.2:fix>
+                  <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_aide_installed">
+[[packages]]
+name = "aide"
+version = "*"
+</xccdf-1.2:fix>
                   <xccdf-1.2:fix system="urn:xccdf:fix:script:ansible" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure aide is installed
   package:
     name: aide
@@ -3838,11 +3838,6 @@
 other required structures.
 This package contains command line TLS client and server and certificate
 manipulation tools.</xccdf-1.2:rationale>
-              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_gnutls-utils_installed">
-[[packages]]
-name = "gnutls-utils"
-version = "*"
-</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_gnutls-utils
 
 class install_gnutls-utils {
@@ -3851,6 +3846,11 @@
   }
 }
 </xccdf-1.2:fix>
+              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_gnutls-utils_installed">
+[[packages]]
+name = "gnutls-utils"
+version = "*"
+</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:ansible" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure gnutls-utils is installed
   package:
     name: gnutls-utils
@@ -3882,11 +3882,6 @@
 server applications. Install the <html:code>nss-tools</html:code> package
 to install command-line tools to manipulate the NSS certificate
 and key database.</xccdf-1.2:rationale>
-              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_nss-tools_installed">
-[[packages]]
-name = "nss-tools"
-version = "*"
-</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_nss-tools_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_nss-tools
 
 class install_nss-tools {
@@ -3895,6 +3890,11 @@
   }
 }
 </xccdf-1.2:fix>
+              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_nss-tools_installed">
+[[packages]]
+name = "nss-tools"
+version = "*"
+</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:ansible" id="package_nss-tools_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure nss-tools is installed
   package:
     name: nss-tools
@@ -6694,11 +6694,6 @@
             <xccdf-1.2:reference href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000342-GPOS-00133</xccdf-1.2:reference>
             <xccdf-1.2:rationale>Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity.</xccdf-1.2:rationale>
             <xccdf-1.2:platform idref="#machine"/>
-            <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_audit-audispd-plugins_installed">
-[[packages]]
-name = "audit-audispd-plugins"
-version = "*"
-</xccdf-1.2:fix>
             <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_audit-audispd-plugins_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_audit-audispd-plugins
 
/usr/share/xml/scap/ssg/content/ssg-debian11-ds.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-debian11-ds.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-debian11-ds.xml	2022-07-15 00:00:00.000000000 +0000
@@ -143,19 +143,9 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.2:rear-matter>
       <cpe-lang:platform-specification>
-        <cpe-lang:platform id="audit">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:audit"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="pam">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:pam"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="sssd">
+        <cpe-lang:platform id="uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="grub2">
@@ -168,14 +158,19 @@
             <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="non-uefi">
+        <cpe-lang:platform id="chrony">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="chrony">
+        <cpe-lang:platform id="login_defs">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="sssd">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="postfix">
@@ -183,29 +178,34 @@
             <cpe-lang:fact-ref name="cpe:/a:postfix"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="uefi">
+        <cpe-lang:platform id="ntp">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sudo">
+        <cpe-lang:platform id="pam">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+            <cpe-lang:fact-ref name="cpe:/a:pam"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="machine">
+        <cpe-lang:platform id="audit">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:machine"/>
+            <cpe-lang:fact-ref name="cpe:/a:audit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="s390x_arch">
+        <cpe-lang:platform id="gdm">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="login_defs">
+        <cpe-lang:platform id="machine">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+            <cpe-lang:fact-ref name="cpe:/a:machine"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="sudo">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="net-snmp">
@@ -213,9 +213,9 @@
             <cpe-lang:fact-ref name="cpe:/a:net-snmp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="ntp">
+        <cpe-lang:platform id="s390x_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="not_s390x_arch">
@@ -223,9 +223,9 @@
             <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="gdm">
+        <cpe-lang:platform id="non-uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
+            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
       </cpe-lang:platform-specification>
@@ -2026,11 +2026,6 @@
                   <xccdf-1.2:reference href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000445-GPOS-00199</xccdf-1.2:reference>
                   <xccdf-1.2:rationale>The AIDE package must be installed if it is to be available for integrity checking.</xccdf-1.2:rationale>
                   <xccdf-1.2:platform idref="#machine"/>
-                  <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_aide_installed">
-[[packages]]
-name = "aide"
-version = "*"
-</xccdf-1.2:fix>
                   <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_aide
 
 class install_aide {
@@ -2039,6 +2034,11 @@
   }
 }
 </xccdf-1.2:fix>
+                  <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_aide_installed">
+[[packages]]
+name = "aide"
+version = "*"
+</xccdf-1.2:fix>
                   <xccdf-1.2:fix system="urn:xccdf:fix:script:ansible" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure aide is installed
   package:
     name: aide
@@ -3838,11 +3838,6 @@
 other required structures.
 This package contains command line TLS client and server and certificate
 manipulation tools.</xccdf-1.2:rationale>
-              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_gnutls-utils_installed">
-[[packages]]
-name = "gnutls-utils"
-version = "*"
-</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_gnutls-utils
 
 class install_gnutls-utils {
@@ -3851,6 +3846,11 @@
   }
 }
 </xccdf-1.2:fix>
+              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_gnutls-utils_installed">
+[[packages]]
+name = "gnutls-utils"
+version = "*"
+</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:ansible" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure gnutls-utils is installed
   package:
     name: gnutls-utils
@@ -3882,11 +3882,6 @@
 server applications. Install the <html:code>nss-tools</html:code> package
 to install command-line tools to manipulate the NSS certificate
 and key database.</xccdf-1.2:rationale>
-              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_nss-tools_installed">
-[[packages]]
-name = "nss-tools"
-version = "*"
-</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_nss-tools_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_nss-tools
 
 class install_nss-tools {
@@ -3895,6 +3890,11 @@
   }
 }
 </xccdf-1.2:fix>
+              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_nss-tools_installed">
+[[packages]]
+name = "nss-tools"
+version = "*"
+</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:ansible" id="package_nss-tools_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure nss-tools is installed
   package:
     name: nss-tools
@@ -6694,11 +6694,6 @@
             <xccdf-1.2:reference href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000342-GPOS-00133</xccdf-1.2:reference>
             <xccdf-1.2:rationale>Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity.</xccdf-1.2:rationale>
             <xccdf-1.2:platform idref="#machine"/>
-            <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_audit-audispd-plugins_installed">
-[[packages]]
-name = "audit-audispd-plugins"
-version = "*"
-</xccdf-1.2:fix>
             <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_audit-audispd-plugins_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_audit-audispd-plugins
 
/usr/share/xml/scap/ssg/content/ssg-debian11-ocil.xml differs (XML 1.0 document, ASCII text)
--- old//usr/share/xml/scap/ssg/content/ssg-debian11-ocil.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-debian11-ocil.xml	2022-07-15 00:00:00.000000000 +0000
@@ -7,268 +7,256 @@
     <ocil:timestamp>2022-07-15T00:00:00</ocil:timestamp>
   </ocil:generator>
   <ocil:questionnaires>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_file_deletion_events_rename_ocil:questionnaire:1">
-      <ocil:title>Ensure auditd Collects File Deletion Events by User - rename</ocil:title>
-      <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-audit_rules_file_deletion_events_rename_action:testaction:1</ocil:test_action_ref>
-      </ocil:actions>
-    </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sysctl_net_ipv4_conf_all_accept_local_ocil:questionnaire:1">
-      <ocil:title>Disable Accepting Packets Routed Between Local Interfaces</ocil:title>
-      <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_accept_local_action:testaction:1</ocil:test_action_ref>
-      </ocil:actions>
-    </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-auditd_data_disk_error_action_ocil:questionnaire:1">
-      <ocil:title>Configure auditd Disk Error Action on Disk Error</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sudo_remove_nopasswd_ocil:questionnaire:1">
+      <ocil:title>Ensure Users Re-Authenticate for Privilege Escalation - sudo NOPASSWD</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-auditd_data_disk_error_action_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sudo_remove_nopasswd_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-directory_access_var_log_audit_ocil:questionnaire:1">
-      <ocil:title>Record Access Events to Audit Log Directory</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sshd_disable_pubkey_auth_ocil:questionnaire:1">
+      <ocil:title>Disable PubkeyAuthentication Authentication</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-directory_access_var_log_audit_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sshd_disable_pubkey_auth_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-auditd_data_retention_action_mail_acct_ocil:questionnaire:1">
-      <ocil:title>Configure auditd mail_acct Action on Low Disk Space</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-accounts_password_all_shadowed_ocil:questionnaire:1">
+      <ocil:title>Verify All Account Password Hashes are Shadowed</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-auditd_data_retention_action_mail_acct_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-accounts_password_all_shadowed_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-rsyslog_encrypt_offload_actionsendstreamdriverauthmode_ocil:questionnaire:1">
-      <ocil:title>Ensure Rsyslog Authenticates Off-Loaded Audit Records</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-kernel_config_unmap_kernel_at_el0_ocil:questionnaire:1">
+      <ocil:title>Unmap kernel when running in userspace (aka KAISER)</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-rsyslog_encrypt_offload_actionsendstreamdriverauthmode_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-kernel_config_unmap_kernel_at_el0_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-file_owner_etc_group_ocil:questionnaire:1">
-      <ocil:title>Verify User Who Owns group File</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-kernel_config_module_sig_force_ocil:questionnaire:1">
+      <ocil:title>Require modules to be validly signed</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-file_owner_etc_group_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-kernel_config_module_sig_force_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-no_password_auth_for_systemaccounts_ocil:questionnaire:1">
-      <ocil:title>Ensure that System Accounts Are Locked</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-file_permissions_sshd_private_key_ocil:questionnaire:1">
+      <ocil:title>Verify Permissions on SSH Server Private *_key Key Files</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-no_password_auth_for_systemaccounts_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-file_permissions_sshd_private_key_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-file_permissions_backup_etc_passwd_ocil:questionnaire:1">
-      <ocil:title>Verify Permissions on Backup passwd File</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-harden_ssh_client_crypto_policy_ocil:questionnaire:1">
+      <ocil:title>Harden SSH client Crypto Policy</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-file_permissions_backup_etc_passwd_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-harden_ssh_client_crypto_policy_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_mac_modification_ocil:questionnaire:1">
-      <ocil:title>Record Events that Modify the System's Mandatory Access Controls</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-accounts_no_uid_except_zero_ocil:questionnaire:1">
+      <ocil:title>Verify Only Root Has UID 0</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-audit_rules_mac_modification_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-accounts_no_uid_except_zero_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sshd_disable_compression_ocil:questionnaire:1">
-      <ocil:title>Disable Compression Or Set Compression to delayed</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-audit_rules_kernel_module_loading_delete_ocil:questionnaire:1">
+      <ocil:title>Ensure auditd Collects Information on Kernel Module Unloading - delete_module</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sshd_disable_compression_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-audit_rules_kernel_module_loading_delete_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-file_owner_var_log_ocil:questionnaire:1">
-      <ocil:title>Verify User Who Owns /var/log Directory</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-audit_rules_dac_modification_fchownat_ocil:questionnaire:1">
+      <ocil:title>Record Events that Modify the System's Discretionary Access Controls - fchownat</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-file_owner_var_log_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_fchownat_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-kernel_config_module_sig_sha512_ocil:questionnaire:1">
-      <ocil:title>Sign kernel modules with SHA-512</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-directory_access_var_log_audit_ocil:questionnaire:1">
+      <ocil:title>Record Access Events to Audit Log Directory</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-kernel_config_module_sig_sha512_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-directory_access_var_log_audit_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sshd_allow_only_protocol2_ocil:questionnaire:1">
-      <ocil:title>Allow Only SSH Protocol 2</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sshd_enable_strictmodes_ocil:questionnaire:1">
+      <ocil:title>Enable Use of Strict Mode Checking</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sshd_allow_only_protocol2_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sshd_enable_strictmodes_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_unsuccessful_file_modification_creat_ocil:questionnaire:1">
-      <ocil:title>Record Unsuccessful Access Attempts to Files - creat</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-auditd_data_retention_max_log_file_action_ocil:questionnaire:1">
+      <ocil:title>Configure auditd max_log_file_action Upon Reaching Maximum Log Size</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-audit_rules_unsuccessful_file_modification_creat_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-auditd_data_retention_max_log_file_action_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-package_syslogng_installed_ocil:questionnaire:1">
-      <ocil:title>Ensure syslog-ng is Installed</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-service_ntpd_enabled_ocil:questionnaire:1">
+      <ocil:title>Enable the NTP Daemon</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-package_syslogng_installed_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-service_ntpd_enabled_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-kernel_config_module_sig_hash_ocil:questionnaire:1">
-      <ocil:title>Specify the hash to use when signing modules</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-prefer_64bit_os_ocil:questionnaire:1">
+      <ocil:title>Prefer to use a 64-bit Operating System when supported</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-kernel_config_module_sig_hash_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-prefer_64bit_os_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sysctl_kernel_randomize_va_space_ocil:questionnaire:1">
-      <ocil:title>Enable Randomized Layout of Virtual Address Space</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-file_ownership_binary_dirs_ocil:questionnaire:1">
+      <ocil:title>Verify that System Executables Have Root Ownership</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sysctl_kernel_randomize_va_space_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-file_ownership_binary_dirs_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-file_owner_etc_passwd_ocil:questionnaire:1">
-      <ocil:title>Verify User Who Owns passwd File</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sshd_set_login_grace_time_ocil:questionnaire:1">
+      <ocil:title>Ensure SSH LoginGraceTime is configured</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-file_owner_etc_passwd_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sshd_set_login_grace_time_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_login_events_lastlog_ocil:questionnaire:1">
-      <ocil:title>Record Attempts to Alter Logon and Logout Events - lastlog</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sysctl_net_ipv4_conf_all_accept_local_ocil:questionnaire:1">
+      <ocil:title>Disable Accepting Packets Routed Between Local Interfaces</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-audit_rules_login_events_lastlog_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_accept_local_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sshd_set_keepalive_ocil:questionnaire:1">
-      <ocil:title>Set SSH Client Alive Count Max</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-file_owner_backup_etc_passwd_ocil:questionnaire:1">
+      <ocil:title>Verify User Who Owns Backup passwd File</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sshd_set_keepalive_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-file_owner_backup_etc_passwd_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-package_rsyslog_installed_ocil:questionnaire:1">
-      <ocil:title>Ensure rsyslog is Installed</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-mount_option_dev_shm_nosuid_ocil:questionnaire:1">
+      <ocil:title>Add nosuid Option to /dev/shm</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-package_rsyslog_installed_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-mount_option_dev_shm_nosuid_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-mount_option_dev_shm_nodev_ocil:questionnaire:1">
-      <ocil:title>Add nodev Option to /dev/shm</ocil:title>
/usr/share/xml/scap/ssg/content/ssg-debian11-xccdf.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-debian11-xccdf.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-debian11-xccdf.xml	2022-07-15 00:00:00.000000000 +0000
@@ -43,19 +43,9 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.1:rear-matter>
   <cpe-lang:platform-specification>
-    <cpe-lang:platform id="audit">
-      <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:audit"/>
-      </cpe-lang:logical-test>
-    </cpe-lang:platform>
-    <cpe-lang:platform id="pam">
-      <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:pam"/>
-      </cpe-lang:logical-test>
-    </cpe-lang:platform>
-    <cpe-lang:platform id="sssd">
+    <cpe-lang:platform id="uefi">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+        <cpe-lang:fact-ref name="cpe:/a:uefi"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="grub2">
@@ -68,14 +58,19 @@
         <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="non-uefi">
+    <cpe-lang:platform id="chrony">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+        <cpe-lang:fact-ref name="cpe:/a:chrony"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="chrony">
+    <cpe-lang:platform id="login_defs">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+        <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+      </cpe-lang:logical-test>
+    </cpe-lang:platform>
+    <cpe-lang:platform id="sssd">
+      <cpe-lang:logical-test operator="AND" negate="false">
+        <cpe-lang:fact-ref name="cpe:/a:sssd"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="postfix">
@@ -83,29 +78,34 @@
         <cpe-lang:fact-ref name="cpe:/a:postfix"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="uefi">
+    <cpe-lang:platform id="ntp">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+        <cpe-lang:fact-ref name="cpe:/a:ntp"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="sudo">
+    <cpe-lang:platform id="pam">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+        <cpe-lang:fact-ref name="cpe:/a:pam"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="machine">
+    <cpe-lang:platform id="audit">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:machine"/>
+        <cpe-lang:fact-ref name="cpe:/a:audit"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="s390x_arch">
+    <cpe-lang:platform id="gdm">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
+        <cpe-lang:fact-ref name="cpe:/a:gdm"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="login_defs">
+    <cpe-lang:platform id="machine">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+        <cpe-lang:fact-ref name="cpe:/a:machine"/>
+      </cpe-lang:logical-test>
+    </cpe-lang:platform>
+    <cpe-lang:platform id="sudo">
+      <cpe-lang:logical-test operator="AND" negate="false">
+        <cpe-lang:fact-ref name="cpe:/a:sudo"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="net-snmp">
@@ -113,9 +113,9 @@
         <cpe-lang:fact-ref name="cpe:/a:net-snmp"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="ntp">
+    <cpe-lang:platform id="s390x_arch">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+        <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="not_s390x_arch">
@@ -123,9 +123,9 @@
         <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="gdm">
+    <cpe-lang:platform id="non-uefi">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:gdm"/>
+        <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
   </cpe-lang:platform-specification>
@@ -1926,11 +1926,6 @@
               <xccdf-1.1:reference href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000445-GPOS-00199</xccdf-1.1:reference>
               <xccdf-1.1:rationale>The AIDE package must be installed if it is to be available for integrity checking.</xccdf-1.1:rationale>
               <xccdf-1.1:platform idref="#machine"/>
-              <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_aide_installed">
-[[packages]]
-name = "aide"
-version = "*"
-</xccdf-1.1:fix>
               <xccdf-1.1:fix system="urn:xccdf:fix:script:puppet" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_aide
 
 class install_aide {
@@ -1939,6 +1934,11 @@
   }
 }
 </xccdf-1.1:fix>
+              <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_aide_installed">
+[[packages]]
+name = "aide"
+version = "*"
+</xccdf-1.1:fix>
               <xccdf-1.1:fix system="urn:xccdf:fix:script:ansible" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure aide is installed
   package:
     name: aide
@@ -3738,11 +3738,6 @@
 other required structures.
 This package contains command line TLS client and server and certificate
 manipulation tools.</xccdf-1.1:rationale>
-          <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_gnutls-utils_installed">
-[[packages]]
-name = "gnutls-utils"
-version = "*"
-</xccdf-1.1:fix>
           <xccdf-1.1:fix system="urn:xccdf:fix:script:puppet" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_gnutls-utils
 
 class install_gnutls-utils {
@@ -3751,6 +3746,11 @@
   }
 }
 </xccdf-1.1:fix>
+          <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_gnutls-utils_installed">
+[[packages]]
+name = "gnutls-utils"
+version = "*"
+</xccdf-1.1:fix>
           <xccdf-1.1:fix system="urn:xccdf:fix:script:ansible" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure gnutls-utils is installed
   package:
     name: gnutls-utils
@@ -3782,11 +3782,6 @@
 server applications. Install the <html:code>nss-tools</html:code> package
 to install command-line tools to manipulate the NSS certificate
 and key database.</xccdf-1.1:rationale>
-          <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_nss-tools_installed">
-[[packages]]
-name = "nss-tools"
-version = "*"
-</xccdf-1.1:fix>
           <xccdf-1.1:fix system="urn:xccdf:fix:script:puppet" id="package_nss-tools_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_nss-tools
 
 class install_nss-tools {
@@ -3795,6 +3790,11 @@
   }
 }
 </xccdf-1.1:fix>
+          <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_nss-tools_installed">
+[[packages]]
+name = "nss-tools"
+version = "*"
+</xccdf-1.1:fix>
           <xccdf-1.1:fix system="urn:xccdf:fix:script:ansible" id="package_nss-tools_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure nss-tools is installed
   package:
     name: nss-tools
@@ -6594,11 +6594,6 @@
         <xccdf-1.1:reference href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000342-GPOS-00133</xccdf-1.1:reference>
         <xccdf-1.1:rationale>Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity.</xccdf-1.1:rationale>
         <xccdf-1.1:platform idref="#machine"/>
-        <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_audit-audispd-plugins_installed">
-[[packages]]
-name = "audit-audispd-plugins"
-version = "*"
-</xccdf-1.1:fix>
         <xccdf-1.1:fix system="urn:xccdf:fix:script:puppet" id="package_audit-audispd-plugins_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_audit-audispd-plugins
 
/usr/share/xml/scap/ssg/content/ssg-debian9-ds-1.2.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-debian9-ds-1.2.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-debian9-ds-1.2.xml	2022-07-15 00:00:00.000000000 +0000
@@ -143,19 +143,9 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.2:rear-matter>
       <cpe-lang:platform-specification>
-        <cpe-lang:platform id="audit">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:audit"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="pam">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:pam"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="sssd">
+        <cpe-lang:platform id="uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="grub2">
@@ -168,14 +158,19 @@
             <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="non-uefi">
+        <cpe-lang:platform id="chrony">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="chrony">
+        <cpe-lang:platform id="login_defs">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="sssd">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="postfix">
@@ -183,29 +178,34 @@
             <cpe-lang:fact-ref name="cpe:/a:postfix"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="uefi">
+        <cpe-lang:platform id="ntp">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sudo">
+        <cpe-lang:platform id="pam">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+            <cpe-lang:fact-ref name="cpe:/a:pam"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="machine">
+        <cpe-lang:platform id="audit">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:machine"/>
+            <cpe-lang:fact-ref name="cpe:/a:audit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="s390x_arch">
+        <cpe-lang:platform id="gdm">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="login_defs">
+        <cpe-lang:platform id="machine">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+            <cpe-lang:fact-ref name="cpe:/a:machine"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="sudo">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="net-snmp">
@@ -213,9 +213,9 @@
             <cpe-lang:fact-ref name="cpe:/a:net-snmp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="ntp">
+        <cpe-lang:platform id="s390x_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="not_s390x_arch">
@@ -223,9 +223,9 @@
             <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="gdm">
+        <cpe-lang:platform id="non-uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
+            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
       </cpe-lang:platform-specification>
@@ -2026,11 +2026,6 @@
                   <xccdf-1.2:reference href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000445-GPOS-00199</xccdf-1.2:reference>
                   <xccdf-1.2:rationale>The AIDE package must be installed if it is to be available for integrity checking.</xccdf-1.2:rationale>
                   <xccdf-1.2:platform idref="#machine"/>
-                  <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_aide_installed">
-[[packages]]
-name = "aide"
-version = "*"
-</xccdf-1.2:fix>
                   <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_aide
 
 class install_aide {
@@ -2039,6 +2034,11 @@
   }
 }
 </xccdf-1.2:fix>
+                  <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_aide_installed">
+[[packages]]
+name = "aide"
+version = "*"
+</xccdf-1.2:fix>
                   <xccdf-1.2:fix system="urn:xccdf:fix:script:ansible" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure aide is installed
   package:
     name: aide
@@ -3838,11 +3838,6 @@
 other required structures.
 This package contains command line TLS client and server and certificate
 manipulation tools.</xccdf-1.2:rationale>
-              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_gnutls-utils_installed">
-[[packages]]
-name = "gnutls-utils"
-version = "*"
-</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_gnutls-utils
 
 class install_gnutls-utils {
@@ -3851,6 +3846,11 @@
   }
 }
 </xccdf-1.2:fix>
+              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_gnutls-utils_installed">
+[[packages]]
+name = "gnutls-utils"
+version = "*"
+</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:ansible" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure gnutls-utils is installed
   package:
     name: gnutls-utils
@@ -3882,11 +3882,6 @@
 server applications. Install the <html:code>nss-tools</html:code> package
 to install command-line tools to manipulate the NSS certificate
 and key database.</xccdf-1.2:rationale>
-              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_nss-tools_installed">
-[[packages]]
-name = "nss-tools"
-version = "*"
-</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_nss-tools_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_nss-tools
 
 class install_nss-tools {
@@ -3895,6 +3890,11 @@
   }
 }
 </xccdf-1.2:fix>
+              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_nss-tools_installed">
+[[packages]]
+name = "nss-tools"
+version = "*"
+</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:ansible" id="package_nss-tools_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure nss-tools is installed
   package:
     name: nss-tools
@@ -6694,11 +6694,6 @@
             <xccdf-1.2:reference href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000342-GPOS-00133</xccdf-1.2:reference>
             <xccdf-1.2:rationale>Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity.</xccdf-1.2:rationale>
             <xccdf-1.2:platform idref="#machine"/>
-            <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_audit-audispd-plugins_installed">
-[[packages]]
-name = "audit-audispd-plugins"
-version = "*"
-</xccdf-1.2:fix>
             <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_audit-audispd-plugins_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_audit-audispd-plugins
 
/usr/share/xml/scap/ssg/content/ssg-debian9-ds.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-debian9-ds.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-debian9-ds.xml	2022-07-15 00:00:00.000000000 +0000
@@ -143,19 +143,9 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.2:rear-matter>
       <cpe-lang:platform-specification>
-        <cpe-lang:platform id="audit">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:audit"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="pam">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:pam"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="sssd">
+        <cpe-lang:platform id="uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="grub2">
@@ -168,14 +158,19 @@
             <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="non-uefi">
+        <cpe-lang:platform id="chrony">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="chrony">
+        <cpe-lang:platform id="login_defs">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="sssd">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="postfix">
@@ -183,29 +178,34 @@
             <cpe-lang:fact-ref name="cpe:/a:postfix"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="uefi">
+        <cpe-lang:platform id="ntp">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sudo">
+        <cpe-lang:platform id="pam">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+            <cpe-lang:fact-ref name="cpe:/a:pam"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="machine">
+        <cpe-lang:platform id="audit">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:machine"/>
+            <cpe-lang:fact-ref name="cpe:/a:audit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="s390x_arch">
+        <cpe-lang:platform id="gdm">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="login_defs">
+        <cpe-lang:platform id="machine">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+            <cpe-lang:fact-ref name="cpe:/a:machine"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="sudo">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="net-snmp">
@@ -213,9 +213,9 @@
             <cpe-lang:fact-ref name="cpe:/a:net-snmp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="ntp">
+        <cpe-lang:platform id="s390x_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="not_s390x_arch">
@@ -223,9 +223,9 @@
             <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="gdm">
+        <cpe-lang:platform id="non-uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
+            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
       </cpe-lang:platform-specification>
@@ -2026,11 +2026,6 @@
                   <xccdf-1.2:reference href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000445-GPOS-00199</xccdf-1.2:reference>
                   <xccdf-1.2:rationale>The AIDE package must be installed if it is to be available for integrity checking.</xccdf-1.2:rationale>
                   <xccdf-1.2:platform idref="#machine"/>
-                  <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_aide_installed">
-[[packages]]
-name = "aide"
-version = "*"
-</xccdf-1.2:fix>
                   <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_aide
 
 class install_aide {
@@ -2039,6 +2034,11 @@
   }
 }
 </xccdf-1.2:fix>
+                  <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_aide_installed">
+[[packages]]
+name = "aide"
+version = "*"
+</xccdf-1.2:fix>
                   <xccdf-1.2:fix system="urn:xccdf:fix:script:ansible" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure aide is installed
   package:
     name: aide
@@ -3838,11 +3838,6 @@
 other required structures.
 This package contains command line TLS client and server and certificate
 manipulation tools.</xccdf-1.2:rationale>
-              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_gnutls-utils_installed">
-[[packages]]
-name = "gnutls-utils"
-version = "*"
-</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_gnutls-utils
 
 class install_gnutls-utils {
@@ -3851,6 +3846,11 @@
   }
 }
 </xccdf-1.2:fix>
+              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_gnutls-utils_installed">
+[[packages]]
+name = "gnutls-utils"
+version = "*"
+</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:ansible" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure gnutls-utils is installed
   package:
     name: gnutls-utils
@@ -3882,11 +3882,6 @@
 server applications. Install the <html:code>nss-tools</html:code> package
 to install command-line tools to manipulate the NSS certificate
 and key database.</xccdf-1.2:rationale>
-              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_nss-tools_installed">
-[[packages]]
-name = "nss-tools"
-version = "*"
-</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_nss-tools_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_nss-tools
 
 class install_nss-tools {
@@ -3895,6 +3890,11 @@
   }
 }
 </xccdf-1.2:fix>
+              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_nss-tools_installed">
+[[packages]]
+name = "nss-tools"
+version = "*"
+</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:ansible" id="package_nss-tools_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure nss-tools is installed
   package:
     name: nss-tools
@@ -6694,11 +6694,6 @@
             <xccdf-1.2:reference href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000342-GPOS-00133</xccdf-1.2:reference>
             <xccdf-1.2:rationale>Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity.</xccdf-1.2:rationale>
             <xccdf-1.2:platform idref="#machine"/>
-            <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_audit-audispd-plugins_installed">
-[[packages]]
-name = "audit-audispd-plugins"
-version = "*"
-</xccdf-1.2:fix>
             <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_audit-audispd-plugins_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_audit-audispd-plugins
 
/usr/share/xml/scap/ssg/content/ssg-debian9-ocil.xml differs (XML 1.0 document, ASCII text)
--- old//usr/share/xml/scap/ssg/content/ssg-debian9-ocil.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-debian9-ocil.xml	2022-07-15 00:00:00.000000000 +0000
@@ -7,268 +7,256 @@
     <ocil:timestamp>2022-07-15T00:00:00</ocil:timestamp>
   </ocil:generator>
   <ocil:questionnaires>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_file_deletion_events_rename_ocil:questionnaire:1">
-      <ocil:title>Ensure auditd Collects File Deletion Events by User - rename</ocil:title>
-      <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-audit_rules_file_deletion_events_rename_action:testaction:1</ocil:test_action_ref>
-      </ocil:actions>
-    </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sysctl_net_ipv4_conf_all_accept_local_ocil:questionnaire:1">
-      <ocil:title>Disable Accepting Packets Routed Between Local Interfaces</ocil:title>
-      <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_accept_local_action:testaction:1</ocil:test_action_ref>
-      </ocil:actions>
-    </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-auditd_data_disk_error_action_ocil:questionnaire:1">
-      <ocil:title>Configure auditd Disk Error Action on Disk Error</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sudo_remove_nopasswd_ocil:questionnaire:1">
+      <ocil:title>Ensure Users Re-Authenticate for Privilege Escalation - sudo NOPASSWD</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-auditd_data_disk_error_action_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sudo_remove_nopasswd_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-directory_access_var_log_audit_ocil:questionnaire:1">
-      <ocil:title>Record Access Events to Audit Log Directory</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sshd_disable_pubkey_auth_ocil:questionnaire:1">
+      <ocil:title>Disable PubkeyAuthentication Authentication</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-directory_access_var_log_audit_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sshd_disable_pubkey_auth_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-auditd_data_retention_action_mail_acct_ocil:questionnaire:1">
-      <ocil:title>Configure auditd mail_acct Action on Low Disk Space</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-accounts_password_all_shadowed_ocil:questionnaire:1">
+      <ocil:title>Verify All Account Password Hashes are Shadowed</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-auditd_data_retention_action_mail_acct_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-accounts_password_all_shadowed_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-rsyslog_encrypt_offload_actionsendstreamdriverauthmode_ocil:questionnaire:1">
-      <ocil:title>Ensure Rsyslog Authenticates Off-Loaded Audit Records</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-kernel_config_unmap_kernel_at_el0_ocil:questionnaire:1">
+      <ocil:title>Unmap kernel when running in userspace (aka KAISER)</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-rsyslog_encrypt_offload_actionsendstreamdriverauthmode_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-kernel_config_unmap_kernel_at_el0_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-file_owner_etc_group_ocil:questionnaire:1">
-      <ocil:title>Verify User Who Owns group File</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-kernel_config_module_sig_force_ocil:questionnaire:1">
+      <ocil:title>Require modules to be validly signed</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-file_owner_etc_group_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-kernel_config_module_sig_force_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-no_password_auth_for_systemaccounts_ocil:questionnaire:1">
-      <ocil:title>Ensure that System Accounts Are Locked</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-file_permissions_sshd_private_key_ocil:questionnaire:1">
+      <ocil:title>Verify Permissions on SSH Server Private *_key Key Files</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-no_password_auth_for_systemaccounts_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-file_permissions_sshd_private_key_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-file_permissions_backup_etc_passwd_ocil:questionnaire:1">
-      <ocil:title>Verify Permissions on Backup passwd File</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-harden_ssh_client_crypto_policy_ocil:questionnaire:1">
+      <ocil:title>Harden SSH client Crypto Policy</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-file_permissions_backup_etc_passwd_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-harden_ssh_client_crypto_policy_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_mac_modification_ocil:questionnaire:1">
-      <ocil:title>Record Events that Modify the System's Mandatory Access Controls</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-accounts_no_uid_except_zero_ocil:questionnaire:1">
+      <ocil:title>Verify Only Root Has UID 0</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-audit_rules_mac_modification_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-accounts_no_uid_except_zero_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sshd_disable_compression_ocil:questionnaire:1">
-      <ocil:title>Disable Compression Or Set Compression to delayed</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-audit_rules_kernel_module_loading_delete_ocil:questionnaire:1">
+      <ocil:title>Ensure auditd Collects Information on Kernel Module Unloading - delete_module</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sshd_disable_compression_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-audit_rules_kernel_module_loading_delete_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-file_owner_var_log_ocil:questionnaire:1">
-      <ocil:title>Verify User Who Owns /var/log Directory</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-audit_rules_dac_modification_fchownat_ocil:questionnaire:1">
+      <ocil:title>Record Events that Modify the System's Discretionary Access Controls - fchownat</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-file_owner_var_log_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_fchownat_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-kernel_config_module_sig_sha512_ocil:questionnaire:1">
-      <ocil:title>Sign kernel modules with SHA-512</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-directory_access_var_log_audit_ocil:questionnaire:1">
+      <ocil:title>Record Access Events to Audit Log Directory</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-kernel_config_module_sig_sha512_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-directory_access_var_log_audit_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sshd_allow_only_protocol2_ocil:questionnaire:1">
-      <ocil:title>Allow Only SSH Protocol 2</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sshd_enable_strictmodes_ocil:questionnaire:1">
+      <ocil:title>Enable Use of Strict Mode Checking</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sshd_allow_only_protocol2_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sshd_enable_strictmodes_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_unsuccessful_file_modification_creat_ocil:questionnaire:1">
-      <ocil:title>Record Unsuccessful Access Attempts to Files - creat</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-auditd_data_retention_max_log_file_action_ocil:questionnaire:1">
+      <ocil:title>Configure auditd max_log_file_action Upon Reaching Maximum Log Size</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-audit_rules_unsuccessful_file_modification_creat_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-auditd_data_retention_max_log_file_action_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-package_syslogng_installed_ocil:questionnaire:1">
-      <ocil:title>Ensure syslog-ng is Installed</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-service_ntpd_enabled_ocil:questionnaire:1">
+      <ocil:title>Enable the NTP Daemon</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-package_syslogng_installed_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-service_ntpd_enabled_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-kernel_config_module_sig_hash_ocil:questionnaire:1">
-      <ocil:title>Specify the hash to use when signing modules</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-prefer_64bit_os_ocil:questionnaire:1">
+      <ocil:title>Prefer to use a 64-bit Operating System when supported</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-kernel_config_module_sig_hash_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-prefer_64bit_os_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sysctl_kernel_randomize_va_space_ocil:questionnaire:1">
-      <ocil:title>Enable Randomized Layout of Virtual Address Space</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-file_ownership_binary_dirs_ocil:questionnaire:1">
+      <ocil:title>Verify that System Executables Have Root Ownership</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sysctl_kernel_randomize_va_space_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-file_ownership_binary_dirs_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-file_owner_etc_passwd_ocil:questionnaire:1">
-      <ocil:title>Verify User Who Owns passwd File</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sshd_set_login_grace_time_ocil:questionnaire:1">
+      <ocil:title>Ensure SSH LoginGraceTime is configured</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-file_owner_etc_passwd_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sshd_set_login_grace_time_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_login_events_lastlog_ocil:questionnaire:1">
-      <ocil:title>Record Attempts to Alter Logon and Logout Events - lastlog</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sysctl_net_ipv4_conf_all_accept_local_ocil:questionnaire:1">
+      <ocil:title>Disable Accepting Packets Routed Between Local Interfaces</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-audit_rules_login_events_lastlog_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_accept_local_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sshd_set_keepalive_ocil:questionnaire:1">
-      <ocil:title>Set SSH Client Alive Count Max</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-file_owner_backup_etc_passwd_ocil:questionnaire:1">
+      <ocil:title>Verify User Who Owns Backup passwd File</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sshd_set_keepalive_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-file_owner_backup_etc_passwd_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-package_rsyslog_installed_ocil:questionnaire:1">
-      <ocil:title>Ensure rsyslog is Installed</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-mount_option_dev_shm_nosuid_ocil:questionnaire:1">
+      <ocil:title>Add nosuid Option to /dev/shm</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-package_rsyslog_installed_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-mount_option_dev_shm_nosuid_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-mount_option_dev_shm_nodev_ocil:questionnaire:1">
-      <ocil:title>Add nodev Option to /dev/shm</ocil:title>
/usr/share/xml/scap/ssg/content/ssg-debian9-xccdf.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-debian9-xccdf.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-debian9-xccdf.xml	2022-07-15 00:00:00.000000000 +0000
@@ -43,19 +43,9 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.1:rear-matter>
   <cpe-lang:platform-specification>
-    <cpe-lang:platform id="audit">
-      <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:audit"/>
-      </cpe-lang:logical-test>
-    </cpe-lang:platform>
-    <cpe-lang:platform id="pam">
-      <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:pam"/>
-      </cpe-lang:logical-test>
-    </cpe-lang:platform>
-    <cpe-lang:platform id="sssd">
+    <cpe-lang:platform id="uefi">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+        <cpe-lang:fact-ref name="cpe:/a:uefi"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="grub2">
@@ -68,14 +58,19 @@
         <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="non-uefi">
+    <cpe-lang:platform id="chrony">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+        <cpe-lang:fact-ref name="cpe:/a:chrony"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="chrony">
+    <cpe-lang:platform id="login_defs">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+        <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+      </cpe-lang:logical-test>
+    </cpe-lang:platform>
+    <cpe-lang:platform id="sssd">
+      <cpe-lang:logical-test operator="AND" negate="false">
+        <cpe-lang:fact-ref name="cpe:/a:sssd"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="postfix">
@@ -83,29 +78,34 @@
         <cpe-lang:fact-ref name="cpe:/a:postfix"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="uefi">
+    <cpe-lang:platform id="ntp">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+        <cpe-lang:fact-ref name="cpe:/a:ntp"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="sudo">
+    <cpe-lang:platform id="pam">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+        <cpe-lang:fact-ref name="cpe:/a:pam"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="machine">
+    <cpe-lang:platform id="audit">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:machine"/>
+        <cpe-lang:fact-ref name="cpe:/a:audit"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="s390x_arch">
+    <cpe-lang:platform id="gdm">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
+        <cpe-lang:fact-ref name="cpe:/a:gdm"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="login_defs">
+    <cpe-lang:platform id="machine">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+        <cpe-lang:fact-ref name="cpe:/a:machine"/>
+      </cpe-lang:logical-test>
+    </cpe-lang:platform>
+    <cpe-lang:platform id="sudo">
+      <cpe-lang:logical-test operator="AND" negate="false">
+        <cpe-lang:fact-ref name="cpe:/a:sudo"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="net-snmp">
@@ -113,9 +113,9 @@
         <cpe-lang:fact-ref name="cpe:/a:net-snmp"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="ntp">
+    <cpe-lang:platform id="s390x_arch">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+        <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="not_s390x_arch">
@@ -123,9 +123,9 @@
         <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="gdm">
+    <cpe-lang:platform id="non-uefi">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:gdm"/>
+        <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
   </cpe-lang:platform-specification>
@@ -1926,11 +1926,6 @@
               <xccdf-1.1:reference href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000445-GPOS-00199</xccdf-1.1:reference>
               <xccdf-1.1:rationale>The AIDE package must be installed if it is to be available for integrity checking.</xccdf-1.1:rationale>
               <xccdf-1.1:platform idref="#machine"/>
-              <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_aide_installed">
-[[packages]]
-name = "aide"
-version = "*"
-</xccdf-1.1:fix>
               <xccdf-1.1:fix system="urn:xccdf:fix:script:puppet" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_aide
 
 class install_aide {
@@ -1939,6 +1934,11 @@
   }
 }
 </xccdf-1.1:fix>
+              <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_aide_installed">
+[[packages]]
+name = "aide"
+version = "*"
+</xccdf-1.1:fix>
               <xccdf-1.1:fix system="urn:xccdf:fix:script:ansible" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure aide is installed
   package:
     name: aide
@@ -3738,11 +3738,6 @@
 other required structures.
 This package contains command line TLS client and server and certificate
 manipulation tools.</xccdf-1.1:rationale>
-          <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_gnutls-utils_installed">
-[[packages]]
-name = "gnutls-utils"
-version = "*"
-</xccdf-1.1:fix>
           <xccdf-1.1:fix system="urn:xccdf:fix:script:puppet" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_gnutls-utils
 
 class install_gnutls-utils {
@@ -3751,6 +3746,11 @@
   }
 }
 </xccdf-1.1:fix>
+          <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_gnutls-utils_installed">
+[[packages]]
+name = "gnutls-utils"
+version = "*"
+</xccdf-1.1:fix>
           <xccdf-1.1:fix system="urn:xccdf:fix:script:ansible" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure gnutls-utils is installed
   package:
     name: gnutls-utils
@@ -3782,11 +3782,6 @@
 server applications. Install the <html:code>nss-tools</html:code> package
 to install command-line tools to manipulate the NSS certificate
 and key database.</xccdf-1.1:rationale>
-          <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_nss-tools_installed">
-[[packages]]
-name = "nss-tools"
-version = "*"
-</xccdf-1.1:fix>
           <xccdf-1.1:fix system="urn:xccdf:fix:script:puppet" id="package_nss-tools_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_nss-tools
 
 class install_nss-tools {
@@ -3795,6 +3790,11 @@
   }
 }
 </xccdf-1.1:fix>
+          <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_nss-tools_installed">
+[[packages]]
+name = "nss-tools"
+version = "*"
+</xccdf-1.1:fix>
           <xccdf-1.1:fix system="urn:xccdf:fix:script:ansible" id="package_nss-tools_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure nss-tools is installed
   package:
     name: nss-tools
@@ -6594,11 +6594,6 @@
         <xccdf-1.1:reference href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000342-GPOS-00133</xccdf-1.1:reference>
         <xccdf-1.1:rationale>Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity.</xccdf-1.1:rationale>
         <xccdf-1.1:platform idref="#machine"/>
-        <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_audit-audispd-plugins_installed">
-[[packages]]
-name = "audit-audispd-plugins"
-version = "*"
-</xccdf-1.1:fix>
         <xccdf-1.1:fix system="urn:xccdf:fix:script:puppet" id="package_audit-audispd-plugins_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_audit-audispd-plugins
 
RPMS.2017/scap-security-guide-redhat-0.1.62-0.0.noarch.rpm RPMS/scap-security-guide-redhat-0.1.62-0.0.noarch.rpm differ: byte 225, line 1
Comparing scap-security-guide-redhat-0.1.62-0.0.noarch.rpm to scap-security-guide-redhat-0.1.62-0.0.noarch.rpm
comparing the rpm tags of scap-security-guide-redhat
--- old-rpm-tags
+++ new-rpm-tags
@@ -648,2 +648,2 @@
-/usr/share/doc/scap-security-guide/guides/ssg-centos7-guide-pci-dss.html 5a5234051bd3cef952cbe8ae1bbb5ccea55ceeff641a1e6e1910e0a9236ca5de 2
-/usr/share/doc/scap-security-guide/guides/ssg-centos7-guide-standard.html 4950c8240a705c420f7b2a6fc9be788fae42c3d9b56267fc6b42ab50949f2791 2
+/usr/share/doc/scap-security-guide/guides/ssg-centos7-guide-pci-dss.html 8a974a1af22cd8edfcd19f2948d8b1f06371acf45d7d6130b23865ff705bbc69 2
+/usr/share/doc/scap-security-guide/guides/ssg-centos7-guide-standard.html 6ef15939165f7ce576e431029fa6f6a97fd478ffa6d6ced09ed7b42031d22504 2
@@ -651,13 +651,13 @@
-/usr/share/doc/scap-security-guide/guides/ssg-centos8-guide-pci-dss.html 33ed172899a417f119c5af250eba4fb7b955aa0db8cc4da5ca7b45d1d5480645 2
-/usr/share/doc/scap-security-guide/guides/ssg-centos8-guide-standard.html d0c45181535ebd1de91d9b2771fadb8079bb1b29467628e2d277721f984686d2 2
-/usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-anssi_bp28_enhanced.html 67b3950ff424e691cf48a703f92adb5c238f3527cd2586179b0d08f70d30e993 2
-/usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-anssi_bp28_high.html af0c901eff8bbafc30a3f496867d600252a6c55ff0bbec90cc69fa10d8596a07 2
-/usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-anssi_bp28_intermediary.html 91197af363c07377b64b208554aae2a86c5eae69ab9c5f8cd46bda786be0be3d 2
-/usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-anssi_bp28_minimal.html f8a9d3771c5c273e71c37cc93366576ca740c3d1548416cf415c9df69b8b1a3e 2
-/usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-cis.html cabaed5b17da758aadc76d792aae0e7b1eb90ae888468880b1163c6152d38945 2
-/usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-cis_server_l1.html 41ebb713c0727e651a4bd3d4ee47dd8c59745b828a28991ac9f650407a711c26 2
-/usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-cis_workstation_l1.html 96b4c6264a4c64b89b55f46133a016ac2fee493f3bbee3298829890bc8fd08b9 2
-/usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-cis_workstation_l2.html 75c23e98705a40f340b9bc1216b85d8d74f0d8dae88b188f7ca66f7ce7299cff 2
-/usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-cui.html 758129cc573f9cb6660d6f19c931bdf49d5782af238f70b747a44e14c3913254 2
-/usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-e8.html 6852a9c5d292971a8bd9e0d2a84172c2371931b0b49e7b28afb8662fa6e59cfe 2
-/usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-hipaa.html ebb0782b5a9e022f71e645da6b8d8ba19c8882f348aab1974da2c62c85ce4a38 2
+/usr/share/doc/scap-security-guide/guides/ssg-centos8-guide-pci-dss.html 985abe49c6ded298c7c87736be443110df20a9661b978559be4318507acb4163 2
+/usr/share/doc/scap-security-guide/guides/ssg-centos8-guide-standard.html 162e7b61b601930ee58f2d89bc6eed58a6c8c865c9a29221075393435e459ed3 2
+/usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-anssi_bp28_enhanced.html ebd53d2af9df7a5cd2f75297e70a605e9e470a7d1f86c5dc467789e7e3bab154 2
+/usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-anssi_bp28_high.html feeba4d2d1aaebf6e29f490872975c444047f28c184dcd8f68bb91c87cec0007 2
+/usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-anssi_bp28_intermediary.html e613f36b44bcea51fc1756962ce000a4b1d57bcda8ac914fdc08cf0db502c285 2
+/usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-anssi_bp28_minimal.html 4c147e53965105a34d508dc1488206b59d1a37b446ce159eaf989e2b9a924cca 2
+/usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-cis.html b6a6be60dd70b2b4943ef35a60bfef12fbd0259189016b920476d4a66f78bc4f 2
+/usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-cis_server_l1.html bca7a8802a29f98df55f6d201780625295878d3c0d9b7cf3dee3081207b46770 2
+/usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-cis_workstation_l1.html 2e29d50e88c370a04422a30aad2b4a807b88ba0824611038cc022e4e89dce778 2
+/usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-cis_workstation_l2.html 41df9c84af07eff20779f83d7249388581456733377c6f7259164476ca907ca0 2
+/usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-cui.html 582dd1c8f6e08205efe46c0cd00b408272aa1c7026f2e45d37a5a3e655644441 2
+/usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-e8.html b9d10b55aa3fc49e04ea04fab5460c047d9132fc17585366ef08931ab2281e98 2
+/usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-hipaa.html a045b2fce0609d7e7ff4bbc8ad6c9cf551f14b2e3a2bbe4dddd2859a5b17c537 2
@@ -665,5 +665,5 @@
-/usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-ism_o.html 58da38c0cb6cd833c2f95d1a865e6024c8fab8e9fdb7c3fd6b43327c8799578f 2
-/usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-ospp.html 62773ac61db03187452653d22c33d134e17989fe54fb0f23bb1382ace2782569 2
-/usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-pci-dss.html 1b007f34b004c647a65600668c922c6ef94ddd983aaaeb443b77acd649d99ca6 2
-/usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-stig.html 19a719aa5cb9b2cb98778f404a09389ee964caa23930f32a7cbc596c973f5fc5 2
-/usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-stig_gui.html 94495db2ea1366ab1c1e10ecd914175978861646d7046164b660f82e2e9fe8e1 2
+/usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-ism_o.html ea1e603c7d0e53112440db69fa2a8edc193e1a8ee92b4a307c68d0d2c92073c1 2
+/usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-ospp.html f98b660e573e47435c27a1bf016a13cf0a2ed0a27c8bc3f55a57e34c2714870a 2
+/usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-pci-dss.html 7a702cdb5ca9c51bd346ddc7dacd25ee3607ed9f30b1857199c01f4977f10727 2
+/usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-stig.html 6a5484d4128534c0448fcce1e9f2bffc4c0ed84268c8157694ae37bb0ca7ed63 2
+/usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-stig_gui.html a07f3df06bb4af72d5cd9c79c40bf999054bde49bcdb2ad0d318f8f52665f448 2
@@ -671,11 +671,11 @@
-/usr/share/doc/scap-security-guide/guides/ssg-fedora-guide-ospp.html c08c93b4cd904904df0c02c78b2af11cccb7c87eb7e6c06964cbf1467506cf3e 2
-/usr/share/doc/scap-security-guide/guides/ssg-fedora-guide-pci-dss.html 8348b0bbb30d93693b2b1e486a506dc425a7d91fa0a37b62671e265480aec6dc 2
-/usr/share/doc/scap-security-guide/guides/ssg-fedora-guide-standard.html 107c1ec8bf09a61bd4f972f408d6d17305720e1844bde07e41a5149598227f34 2
-/usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-anssi_nt28_enhanced.html e601236740507d073ad36e9a432a26805ef1dc7d90e30a6c16ee11ae23929479 2
-/usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-anssi_nt28_high.html e0253e8e7af54501788863e00d49e08d784917f6fd93d9c08e1058fc2acd9575 2
-/usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-anssi_nt28_intermediary.html 7979565b7873de6edf6ba80908f7982a79bcd923e5265e267f2ecbf708e535be 2
-/usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-anssi_nt28_minimal.html c3faf922a5ad0c64228d68f51b2245ebb530fe5340add48aa892b27074bff298 2
-/usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-cjis.html d479ef3872f97a3128b3edb9257201ab97afe4cfee77454fb6b2cb32fda213d6 2
-/usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-cui.html c0065a50fab648bda58b740704fdc925ce545b5fc021228be9072a7c617af989 2
-/usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-e8.html 021024e95f0b784efcbc6e9f5b5e8c33216d1d0db47805cae6eeaa2571caf2f4 2
-/usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-hipaa.html daf9a1e3a3d333bae987de4cca06b14e213bdcef7d23582139901cba8b4e2efc 2
+/usr/share/doc/scap-security-guide/guides/ssg-fedora-guide-ospp.html 58d73c72ced30bf87a80c5608277af1d4cf198af6d6eb260782dc6531ed032c6 2
+/usr/share/doc/scap-security-guide/guides/ssg-fedora-guide-pci-dss.html 50646c65e08145c66867c1fb450bee215b3c80734ca8f335cb48173d7236ff7a 2
+/usr/share/doc/scap-security-guide/guides/ssg-fedora-guide-standard.html 2f28d458aaa3c2afd584ae65b83990f47a52902a27a57028a593ac39418f58cd 2
+/usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-anssi_nt28_enhanced.html 25d8f64be75dd52cf998e998be5865d6cbfa01b3d8a910655d22ec0889683c83 2
+/usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-anssi_nt28_high.html c09a91a2cb8455cb4104a68ba9e32f25194e43ee5e464f757a23167c9afa6b15 2
+/usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-anssi_nt28_intermediary.html 07992fb99d612bb5cdc8093849bfbcc80368f3a55c18ccabcdce26bc76633e4c 2
+/usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-anssi_nt28_minimal.html 3bca3058865e1227f08a8bcf879b26703d643d506272788ed697fc57da3c829d 2
+/usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-cjis.html 4a49ad66abd49ab8ebbf25955c87ad9190e7e6a6f939d91b9307ca472fb2a141 2
+/usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-cui.html 83adbb4b1db81b37f7dc476673a58f4daf0836cbe4ddacf00063039429f8d70b 2
+/usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-e8.html 11e45e1c9a8fb06185da7086b5edff9094f56d807bab1357467f91735d5ba699 2
+/usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-hipaa.html 95731f28f8843f665e0ce71cc58f7d9b7cf135ee24a16f7b90d588be6b8893f4 2
@@ -683,14 +683,14 @@
-/usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-ospp.html 8d059aa27bfea11cd22ab09acdc50518870c180f479335c305d159998346832a 2
-/usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-pci-dss.html 00f21b58c0a4a56a3d347c6fbdda13a77bb350f2339eb460b692038a012740b8 2
-/usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-sap.html 90861a9055c7d0fccd2b3084177e040dcbac08a815e23e91ae864fd7632da3ab 2
-/usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-standard.html 81cc29243d8a323b1545db7e1528b856ce39d7dfc3001906d9d56ebdbf630dee 2
-/usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-stig.html 6839b5eb6f988eddd603873ffcd1e3e36bfe0f24c8d64276c99fdf2275f716b8 2
-/usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-stig_gui.html 54cf0ec4eec64d8f55a5b67da75595ca346b4f00a10dba3bdca4374006e997df 2
-/usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-anssi_bp28_enhanced.html a1fa88f01e5dbb10f179097ce074c00f30aa20bca92dbb8be6d6f97d562bc22e 2
-/usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-anssi_bp28_high.html b006783373e1de80266e71ea47949fba023aee10e907b2e9932fea06ff37ab9a 2
-/usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-anssi_bp28_intermediary.html be0dfcd767e1f3bc47f2202562e4921019a6e17fae5b1d25c17f6010fa618056 2
-/usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-anssi_bp28_minimal.html 0ea5a37fc7d9dd8b1923fb25d915ca682ee1f099b3f682fcb08eb95620c18929 2
-/usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-cjis.html b0e01aaaf0d4e8af158146800b499188217d241be441e457e20972bbb5021789 2
-/usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-cui.html e11c6fed8f31fecc7c31a038b933bd2ac20be2db2982c8a55e07c829044f0b49 2
-/usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-e8.html 84286961050db1b64fb9b964a9eea9222fcdb645e7a70e0736458f56f7d9b5e0 2
-/usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-hipaa.html 1fd4367e28dfcb4551e8db6b94842ecf0cb8cf5912f3b9e24c089d73bdc38602 2
+/usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-ospp.html d949201b67027918fc0b00ff9b79c0f4fcda3b1f9194f987571fa0fe14dd90d1 2
+/usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-pci-dss.html 5667e5ca3178980441f1db74ab8b71c7e7ffda367c3e855067b586da586a7cc2 2
+/usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-sap.html 0045e978e28bfc85835554a6660fbe97ee9cc4c1ba75c8516080fd443553249f 2
+/usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-standard.html e638df93389d86291781be4767a672573af6604c6ee9816a38d5b985b14909d2 2
+/usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-stig.html 459deed73b9b3ec86b0f2dbb8ef3d5d6d72b6778be7e092f12f047dc81bcee41 2
+/usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-stig_gui.html 057988b231f8561867f50eb0162441f775049e35edfda9036a580ec1d9b9c14e 2
+/usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-anssi_bp28_enhanced.html c414f51b635d2b3926e67ab2257a57ded203afad68b4ea490c1eed730d28bcec 2
+/usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-anssi_bp28_high.html 3efb87e21b6b43e5a4eae4a35722370facaff197aba70820dc892b1511d1d203 2
+/usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-anssi_bp28_intermediary.html 523aa4930b63d21ba8d9035f449b46200dce06b38c4aba9f44c8a2eeace53359 2
+/usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-anssi_bp28_minimal.html c6c3b45fb0e921bf95c5f41daeb7903d0d270c08987fd1b6e35fe88203b380ce 2
+/usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-cjis.html 294e865b65a084f993d9a5bd6a8bc5d82db66afbdb368f614e68a1dd9ceb47bc 2
+/usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-cui.html bf04c8c973fbf54528202dbfe1f1fa60aca0d947080cac3d5898769503fd5671 2
+/usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-e8.html 6e1d8fefb3caf86509752772e0187d55f57f36c134f11e242e9075f37ccc5afe 2
+/usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-hipaa.html 7b46c9eea0b7c2b9c9435d5fc049eb0831740995a351e5336acb48acbf879301 2
@@ -698,5 +698,5 @@
-/usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-ospp.html bb3ba6f28d3cff7c7388d5c9ff518d3adf480a7d0c95a99d9fab7d6157cff77c 2
-/usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-pci-dss.html f7401bdc85bdb7ba8ffab62e4dfb85c9500ade9bdecbb7d625b7e7f1c9354788 2
-/usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-standard.html e2babb2cc13e68493da4497d90267392d7d5bd10c800de13c7695dca0b5bd306 2
-/usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-stig.html c19c685bc5622f2891023ec098ffa446e28215ffb7935b603b607ec1d00ea186 2
-/usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-stig_gui.html 33d5772662e6d9dd196b116b33375f52550d91351087c24a0c8ec4c1be9ad9ed 2
+/usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-ospp.html 95fbd882b28fead680e5b4dc097be6d6d735a81478fe7a9ef21a9936fd217448 2
+/usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-pci-dss.html 25018b5cb312050eb6eed5e0210887f125177aea799f166d9895003fd7254914 2
+/usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-standard.html 6d5637f38832f32f692ad5c7dab16b7151459da5582e436657e43403fcb1e08d 2
+/usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-stig.html 87d0c90aa09cc0e6ad844927070f8c923e6268ac872001de0df99887e4678be1 2
+/usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-stig_gui.html 898b4712bfd45891e2ee353b86969f304f0ff965c894795054afe1bad2937846 2
@@ -704 +704 @@
-/usr/share/doc/scap-security-guide/guides/ssg-ol9-guide-standard.html 0f147bb505ba960c4f7a0deb7e8cb0433e98e03a44726965c7aca598d8e693f0 2
+/usr/share/doc/scap-security-guide/guides/ssg-ol9-guide-standard.html 4bc9bc3bd74a73a3e5501ec1352dd63e85da1c295a9f4a62ce9ddab687d1709d 2
@@ -710 +710 @@
-/usr/share/doc/scap-security-guide/guides/ssg-rhcos4-guide-high.html 0153e4964738601e26fd9e51ae4dfe47f1b449ab44665a717df3c4d57f174e15 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhcos4-guide-high.html 9def44f9b3f05c811f17ffe4c2be1f8d72eb34b820adfa2025e342f03ef402ab 2
@@ -712,16 +712,16 @@
-/usr/share/doc/scap-security-guide/guides/ssg-rhcos4-guide-moderate.html 8049e05e69bf23751064bb0fcd8631fad9f165642fc78c9eef9dbbe3365299c8 2
-/usr/share/doc/scap-security-guide/guides/ssg-rhcos4-guide-nerc-cip.html 08ec87ea9cf4361cb4f235d83f81cbee3bf34839e8f1a3cd7bcda20c83e7635c 2
-/usr/share/doc/scap-security-guide/guides/ssg-rhcos4-guide-ospp.html 204227b3bd7bbb5f2f037c12a7bea13e57f2049b47fc1dc77b330286e853e8af 2
-/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-C2S.html 6ef2a8f54fe8a384b2085e53c4fa94f59def150ac0e531cb30776a65280dce42 2
-/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-anssi_nt28_enhanced.html c359ec270715138f76f851a8d4ac4876266b37eab084582646ee261b8ce3e6d0 2
-/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-anssi_nt28_high.html 7fffb2be691ade6041727726bd921eac50f58e4231f278ad6630da70865fe50a 2
-/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-anssi_nt28_intermediary.html 42b15b51442d4cc07e0f321d62ba60d6936f077f085e253f55a8810d7e5e6e5f 2
-/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-anssi_nt28_minimal.html c4fdb1442c6fd208fc015e3f875f569586abea2d9b59df1c2cc9716124e6258a 2
-/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-cis.html 4110486538d63c232db1151b48a5c3348a391f45c1f6ed0c7b36043a7ea006fc 2
-/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-cis_server_l1.html 230dda61d70201aeccad0fe1b724b9be253ba4f6a70753baeb3562275a11863d 2
-/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-cis_workstation_l1.html 8c359b49300d978366b40870e0ff2fc4e7c2cd40d0714d074667ae55dafb7998 2
-/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-cis_workstation_l2.html 47a60b4b1dc52c7a6daa8f540dd91e6915013ec4e769f21626c0f71dfa672481 2
-/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-cjis.html 9188a5763c05d391a8f6ec0a7fcab8c20f735c96e3a652051a7777b97f7f39a4 2
-/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-cui.html 99945960ced2311419de325aaa87c981ab946f66a9f7feee889ee2d683ed7f4e 2
-/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-e8.html 05af4161ffd4b9090c56a78a7efef530c575b098e098026013a1b497bba0c20b 2
-/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-hipaa.html 9cba49cd916db280f310a76b9c0271112cf2bf6e591fbd39dcd99db1544ad669 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhcos4-guide-moderate.html b6ca4d746ed1dbdc374082b66dcfc168f512c715dcb25af17cbe194f3f1152fe 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhcos4-guide-nerc-cip.html fcd1febe9bdf769317b6aca41645bc079f0ffa1acb1a6807e6422efefc858e19 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhcos4-guide-ospp.html 8521c80a8999971ec837719f842d47282524879dd73b8ad51daa7c985dec7974 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-C2S.html c023f1033e2294ed2bfee7aa997d5fa63d10c158da877e3b4e54f4a0d494b617 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-anssi_nt28_enhanced.html f30fc8d40819161e9c8bb4c8266924e9fc6a6c295ccbf1d570b4f25c59b65d27 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-anssi_nt28_high.html 4b03cf162747ed0841758539a3df70b7916c9620c5f3d44b241a952ad09cc893 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-anssi_nt28_intermediary.html d91885dfaa9f84b58ca0664d94206262b1c574a4123cbf6e813ad20581be3eca 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-anssi_nt28_minimal.html 6d9629f4efb1b4ad55da56abff9dc45cfb7bbf59ef50d263272568504b26072a 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-cis.html e8d73fda01f0865daf89d464242c254b13f8ba386baf04641ff079fe41e5f7f7 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-cis_server_l1.html 39635cd06b338c12ba4df2761292befd6f1bebd0d60b5c27dd287f9ec3026a77 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-cis_workstation_l1.html 37316b99aa445b5cdee124b3763f81932ef9132936acc2f1cfef5441f6581a15 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-cis_workstation_l2.html b61c399750d93b07282b58d81cfa8316182047039924e579a20522a73b1b88ac 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-cjis.html 7cad88b7b6e8077847733d01b314a7e22ba5ad8143e74543b76b9a1b799af447 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-cui.html 24dfa594be498be5c7d2feb7b6f2fa916b3772a5007a684ad71a8a327844b693 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-e8.html 259872267b83ebecdc7b48ad231a2ca5df055a9e58d86e4ca91c84f6101f8756 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-hipaa.html 25d9e051742a2669564869092c56f3732e4d25b58570f3762aa50f9d832eed67 2
@@ -729,21 +729,21 @@
-/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-ncp.html d92ec8d84928d3f89078cbf794ec65c1e2cf05a819115bbf24b6bc3b9811bf52 2
-/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-ospp.html 9d8e2ff5f146e4c871b1fe511ed3a9614c933daac7960d3e66afcfe3051e067d 2
-/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-pci-dss.html a2773683736e5829f103a307137f3a9ab78c24175b6fe1cab46fed9762ebf6f5 2
-/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-rhelh-stig.html 77260e0e556f574bc499918dfb37c5d67d889e055d2fcc74c173bc4498d7de33 2
-/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-rhelh-vpp.html efea0080152d9b523d1a0bfd77a6b784051f2b7d1fac8fcb2976130fff5cd5dd 2
-/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-rht-ccp.html 7d53900f8dd508eb4946a6042e6aa50e62a6c6d5b485844823c1384adffca4c6 2
-/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-standard.html e0c90f3a74592be56925ef176553de28144d831704227415b5d078769fb063e7 2
-/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-stig.html 74ec6d6c54611a2d81ff21b1cb47e8d63db9fef8db997af3a97fbd30c62af2c6 2
-/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-stig_gui.html 26b646b10378c8729d83b9fbd69fce53cde129aae002dddcda1f7dffcdc2a997 2
-/usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-anssi_bp28_enhanced.html 150d432aaff030b7bb2d8f078256605c130e83b35e829fdf6dcbec40330d0fb9 2
-/usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-anssi_bp28_high.html 8d6b787c5e03602f11abfb9dbf5473a9a19653155e4592b9081558c8c9768a21 2
-/usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-anssi_bp28_intermediary.html 909750190b556e5d7261930622e6d7a35544dbc390306d4ee7061961018b916f 2
-/usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-anssi_bp28_minimal.html 7fe6a26a06150e73e712a0230091cf92f2c487a13adf3063834633ba863ee84a 2
-/usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-cis.html 76e35bd727e0dcb3b4e51f9abd67bf3991d12851036c75c6dc10f1aec23e223d 2
-/usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-cis_server_l1.html 9130ac0f180376abc480fccb4a5fc82bf625d1ec33be13d9d0ebf746bc580b0a 2
-/usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-cis_workstation_l1.html 581af46d4b13d39f4bbd6af3d8f3478bca4b72984021ed70e641187d9702deb0 2
-/usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-cis_workstation_l2.html 06326c89eff339dba25804356d6ee51b389e0f54f67e1a028e217b2ae75b4704 2
-/usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-cjis.html 5aed6ed227c834b61e0bbccfe70d2f1a8ac9f50e8a498f9893445c59c5f8d929 2
-/usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-cui.html 2b567ace41da55eeee3df59e5cf3f5fdfa1f5e8b57b24b431ca08c210c3c46f9 2
-/usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-e8.html cd6183ff90017b146e5a8de60da1fee1077066cd28bc37998c6988d67b4615b7 2
-/usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-hipaa.html 6d1702b4f8f8ee1d27e6e01e913beeea2640118edd4d5647a7022c06396502ff 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-ncp.html 96b852d10b67e33c5046fe21564b38e2f3e6418d0e091b0baab92256bd8161e1 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-ospp.html 1ff0791eb539fa76b9160e2b27fb2aa965e324ecf9e46319db2595beb85a43a2 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-pci-dss.html e35a45f245ee6c6cb485300c18dd3968c9248c072224711d9a1b1033fb35a392 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-rhelh-stig.html 3f9a755fd66c70da6252b92fda027da001e3df5ceef530d7e6e8b59b9715c769 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-rhelh-vpp.html a7d07bb972e11178b0d789a47e40c4841f61307fecbea0e6405b096889890bc3 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-rht-ccp.html 40fe18b783c2e7516090bf4cb18426096d0b414cc0f8de8e59d7298807e06875 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-standard.html 86a43de8413ea8184aaba0e5d162f671ccea25fedb429cbde17a356402bec832 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-stig.html dd684a8d8f949561bb6e65699d64e21ec66a2b6f93461744d34b6b07b4dcc7ca 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-stig_gui.html 416749ef14a9ea7930640322dc685990470f2d42bf0f6597c34b979d08ce09a2 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-anssi_bp28_enhanced.html f3b03166c21f0fc5c7e1a95b0cb2537e269e5e0b394daac538e29d4cf26481f7 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-anssi_bp28_high.html f5d8b0bd59d737fe8cf3cfb2cdfd0c7959e783cea84ee1c2ffe9936847e5f062 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-anssi_bp28_intermediary.html f2483f1070d45e44909182557e6b7025c531ca5a47ee1c72b57d201ce1b8c69b 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-anssi_bp28_minimal.html 62bd1e82e839aca57cc3ea467f5d26817e51618d94cb62a8bdad2d55c159ecb9 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-cis.html 1547e779cae39730474f9593ff4ade79a5a668a910171154e97466addc4c768b 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-cis_server_l1.html 28b2648c449072eb95814bac96e21068807ba8909692cd554bab966c830f08cf 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-cis_workstation_l1.html 56feed5dd09ab17f2bf21f4e815b0c6f9660c3cdad0977a91bdec0791353221d 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-cis_workstation_l2.html 46f759091343273d5adf9a53221633548bf6b4ff8bbb47951da8a318021110cc 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-cjis.html 8a92048e8b1372f000ef2ba2e5cd3eaa0b4b550618a2484257f6925ff095158e 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-cui.html 15ce1480b1fb9bba3be0de4d067b4afc66d2cfb2d04ce107f998b08df375de51 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-e8.html 5ea18e702638deed0bef5a0b4ef9d006c3e86793f154fd547d01822adaad6aa6 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-hipaa.html e5c18aba3a1efcdb4262adf2395257236604cbe4d3100f6edfce6141fd8f6ebe 2
@@ -751,18 +751,18 @@
-/usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-ism_o.html fdd96f703d499b901e89f7449d6165828630651ad1abf4395ef5cb68865b2a26 2
-/usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-ospp.html 99ac2cfce6c6de348736d24388ad9514ad6f2036c14b29e8d2dd3b5085460383 2
-/usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-pci-dss.html 26d5ca362f6cfc314f51842eda71e9e10d32cb1409c4eb9d2e54471dc8993009 2
-/usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-rht-ccp.html b8ffde91182cd9312b231df37fc9e94ffec0c9fa567be6a366cc21c5bea38b57 2
-/usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-standard.html 733ad60f966f2d61518c706ff1443366fb4103cf4cbcc23b167292ff05f2a81b 2
-/usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-stig.html 0d3706bc5724c6f6a0c13fc5af8a097cecaa2515df0c4d26154c803f42846641 2
-/usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-stig_gui.html 69c133866fe815f70821c53a2d650b9f976ee001c4d27cb29e9e0a22fb46220b 2
-/usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-anssi_bp28_enhanced.html 2428cf17bd9fa7191d9b7c058ce901d55968f4cf6a4e1841f6cfd46a35a6b244 2
-/usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-anssi_bp28_high.html c39126cd3caee70a81db53d252389241363d4e1a8f0c145c6b6024dbb4dc4823 2
-/usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-anssi_bp28_intermediary.html c2b3e1e75b96263aa72bf1e916100c531f9e1680cdbd4d84179f45afd574ed6b 2
-/usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-anssi_bp28_minimal.html f2797f125cf666d680282deefa07c3c40331ce1ed82e70016d684bcac39e7076 2
-/usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-cis.html 55b2e4a3107e711c5829ae7a737c70152c943ef9fc3d8eb63cb911f60be53a7e 2
-/usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-cis_server_l1.html a38448d0a30de83aad494e9259a7dc39edb698dfcc0a0e2b9319597c7a7d3157 2
-/usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-cis_workstation_l1.html 771620c3d4c3c02c2162e281769b9fc9e9ace71bd23c76058c6f58a6572203e2 2
-/usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-cis_workstation_l2.html 69b2c549359b9dc5b530d73a697152a5ff717deafe71e05281389127b6f24e46 2
-/usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-cui.html b50a0e0bdd526064ce9139509e40c4829ea958258737fc430cdcd52002f23a2a 2
-/usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-e8.html 9f9e30dc46c654eb729ecad0990ed07aa8ff66d25bdebd8b8a6408784c34f4fd 2
-/usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-hipaa.html 686031de1ae30e5bb519fa904b35a8f9f2ee290d504465d5f1625c0eb5e33f92 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-ism_o.html 9d19a5acff222b93d29b5a68c1e0f661542e14ad2a648e50b21a9ac3f78f16a4 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-ospp.html 35061007fd8492e60941b8e37310c36925af515d3159c4007a799618ce8fd1a0 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-pci-dss.html c0c569c2b63cb1333e2bdb8e9ead46fdde939286785073c6fc779bcf13cd0567 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-rht-ccp.html 3ab497e547164e52b58ef13a9e99d634a13ba58996d8d508432082f9e51451f3 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-standard.html b74903576698b0ba09fd884d9c608143d3264a81402b5f1fb945ba3e8e3cc31d 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-stig.html c99549e8c7a8c50b2b4588f16f83e34fb13ec307e21c5335bf50b9f90e5190f8 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-stig_gui.html 0ea943eb30d8799a8e466d8303558d68b1c4591a89465c3cebce2eedddfb81cf 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-anssi_bp28_enhanced.html a9566a78268d3d48ae53428cf6ac3afa53068864fcdc609530492d0338220fcf 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-anssi_bp28_high.html c7ed68b6c47d538895cf1215b46fecea1942602da862c0b8d4517454595e88d5 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-anssi_bp28_intermediary.html 1b512fb8f2377a455524582e6cdaaac9ef032635d87168d5e5e4a54a4824a63b 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-anssi_bp28_minimal.html 6605fb9382c54b3ecd0a4d03082b12e9666be82aaa1f1ed51acea975e51eebcb 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-cis.html cbe2153fd3f46c1457124af35de3e4290140c1e95097f68ff10293b6a8830753 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-cis_server_l1.html 8bf5156c1a55dc145aa28f1ba94a281d6a0bdd39cf4692f11ff5ee8483e296d9 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-cis_workstation_l1.html e76fafdbbecbf8b460dcd2c37c68525fc948c93f46ef81135217e63e478a00c4 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-cis_workstation_l2.html 87ff994b7cea26913b8447e9822b2b3f7a92f7ee25754483cc4ae6bbfad04c19 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-cui.html 5759c07c364eedb2cec77a193b5c2c3770782e94596ac56b38104d451dea231c 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-e8.html 48cc19d19a6c5c06166f3db1e4a225c1e5881fa8fb04bda3b010466448defcde 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-hipaa.html 16edf183788e3bd0f1d0797ea6db6216f072a0c2f16fd7bf4461b2539114c541 2
@@ -770,5 +770,5 @@
-/usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-ism_o.html 568fc45edd8046078c315f26462d7d165dee52ff5b43080d97add8789a1e0100 2
-/usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-ospp.html 97babc963f38325db1cffa9f2929c33e16764ccf103d82c22b9182f94c99377c 2
-/usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-pci-dss.html 7f297fed4e09b5799a34a00f79b7d29b00cd60c129719c90bd8e11353da645d4 2
-/usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-stig.html 849cb38f37800ecb2dbf2e657d72ecdd2d64a95e79d8b9b53e1d3be541686f5e 2
-/usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-stig_gui.html 6333f8893e8895e4dfdb3d57a403e9520cbae175e81c754e9b42c1797bf7caa8 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-ism_o.html 03e17cfdde6a8c49ce7a49f59e98a177adf5cdcb8dfb140a187a6497f0b5dbbf 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-ospp.html c932191a006e7bcf2c581cb28434e1100015f1d09b12ab5cd3df54094950dfb1 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-pci-dss.html 531259834ac0e844863ef692eeb301990ed71671831f95423597d25831f3501d 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-stig.html 18977f53a4e27d3740ad174204f0f0521ea7ea9aff996a84299c5abefa08e052 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-stig_gui.html 397fef60c29ed2d694eae6a3614f1c3fa71f9d18c76d54c1fefb8f050ac2a31d 2
@@ -776,3 +776,3 @@
-/usr/share/doc/scap-security-guide/guides/ssg-rhv4-guide-pci-dss.html 2750a822bb637724e89b576e64d4fd866f8d94e4ba2d5246e053a162ed93f20a 2
-/usr/share/doc/scap-security-guide/guides/ssg-rhv4-guide-rhvh-stig.html 14a69bf78f1519773a7fab379570f57f5305b8ab4bb2923a0c9bf00a3f918672 2
-/usr/share/doc/scap-security-guide/guides/ssg-rhv4-guide-rhvh-vpp.html f8007797657b4f8a6fcfea56d1d82b4babf0e45ec53c350265c4f5ce28e667b8 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhv4-guide-pci-dss.html 696558067b5a54bfd7c6e592f709a454e97a03ea48c3f21383a0008dd275a9ad 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhv4-guide-rhvh-stig.html 3a14eb9d4332bb3a726a12a57db2d833bfc2ce7edafbdf6d4bcf086c8137d99a 2
+/usr/share/doc/scap-security-guide/guides/ssg-rhv4-guide-rhvh-vpp.html d550623eae47dde692ebdf56480665e7a7a63c528213f0fe9924ddae0c624613 2
@@ -780,2 +780,2 @@
-/usr/share/doc/scap-security-guide/guides/ssg-sl7-guide-pci-dss.html a25e77a5ed05445e88a159b0253eff12e90b8099f3eb188b593e1e18085d4e7d 2
-/usr/share/doc/scap-security-guide/guides/ssg-sl7-guide-standard.html 2803d92c2e88fee9ce511177f84822b74360c6d88c77d8d2db4f8a6da9caa70d 2
+/usr/share/doc/scap-security-guide/guides/ssg-sl7-guide-pci-dss.html 8138d665b7e6c725b43084dfb1b1cc9dad68f0929ecd2c6bd6ae6f2a28232e29 2
+/usr/share/doc/scap-security-guide/guides/ssg-sl7-guide-standard.html df84ac048c4bc90d73a1a6d6cf9982189124b0c4178fc8a328cec95c3fc01dcb 2
@@ -783,2 +783,2 @@
-/usr/share/doc/scap-security-guide/tables/table-ol7-anssirefs.html 328cfb4ddd2761dfadb86c80aa70d5becb991c7aeb59e0975ae1b1294bb432be 2
-/usr/share/doc/scap-security-guide/tables/table-ol7-cuirefs.html 693b878b667cb7ce4a2465cb05f628db8760ada64db91230163e8318a732fbc0 2
+/usr/share/doc/scap-security-guide/tables/table-ol7-anssirefs.html 7779bb70fad46c8c49af52d5fc29c6dbae7f8d91943a0a3d230516dd7536549d 2
+/usr/share/doc/scap-security-guide/tables/table-ol7-cuirefs.html 73c338d5cdc28c273e27d6b99e8df5e132401c3da4d4dfdc6f821c089b2ebbed 2
@@ -788,3 +788,3 @@
-/usr/share/doc/scap-security-guide/tables/table-ol7-nistrefs.html e90f57d60cf3ffd51997407f878882dad155e0595a5afd55b8e5e851b7f0acab 2
-/usr/share/doc/scap-security-guide/tables/table-ol7-ospprefs.html bbcd702fe2a451d35d977acfaafe686d293bc661d1fbe488a5d77549e57966f5 2
-/usr/share/doc/scap-security-guide/tables/table-ol7-pcidssrefs.html bc60db7a781756506cb59faabc4264938b07015a897c1976ee8ebad62308192b 2
+/usr/share/doc/scap-security-guide/tables/table-ol7-nistrefs.html 52f5a9986817f9e5afd3c7375e1baeea3a90d72ec3c3ba9c0e479691f9d0a3a5 2
+/usr/share/doc/scap-security-guide/tables/table-ol7-ospprefs.html 24f36ad35336ecd93aae1314bfb6abe34c89d8bdc9a159036995e7f713b9b0bc 2
+/usr/share/doc/scap-security-guide/tables/table-ol7-pcidssrefs.html 910b75eeeb1d21f7000b619ebaf009c93acd137f6ab36d94f8e4aa846327f747 2
@@ -794,2 +794,2 @@
-/usr/share/doc/scap-security-guide/tables/table-ol8-anssirefs.html ed1cf494e8a5b0553718dfc96316921395a79aa56147fc1b4fd1d3304bea6981 2
-/usr/share/doc/scap-security-guide/tables/table-ol8-cuirefs.html 8ff0a40bed2d462406a3bb4a5d5bc2659e25aed814050eb5bf72f47d3acf3bb1 2
+/usr/share/doc/scap-security-guide/tables/table-ol8-anssirefs.html 92bc2e0f6774f9e307ffc4f57ef0b07270fd164ecf6aa02bb2effdf25a83a3aa 2
+/usr/share/doc/scap-security-guide/tables/table-ol8-cuirefs.html ed65fa4d03ab7d879a1acdffbd0a1a7424427ca43c1a175b371211b08366a781 2
@@ -799,2 +799,2 @@
-/usr/share/doc/scap-security-guide/tables/table-ol8-nistrefs.html 4fbe5aec6aa7178a04734c8f761bdabdf5188eaf0c5b6c0de3199a07e3f2d962 2
-/usr/share/doc/scap-security-guide/tables/table-ol8-pcidssrefs.html 5397beb7136231710b51f6f1d149db52735cb28b111963361ba9bdba1d487c1d 2
+/usr/share/doc/scap-security-guide/tables/table-ol8-nistrefs.html daa776a035a17c2ca987a2ad35a48857c294931c4a282d470161b8cd511b4e8d 2
+/usr/share/doc/scap-security-guide/tables/table-ol8-pcidssrefs.html 789b185b145c3edcf3547bbaf000207d0c503800e7fd42327b3563ff6866e196 2
@@ -805 +805 @@
-/usr/share/doc/scap-security-guide/tables/table-rhcos4-nistrefs.html 3b68754b929d6d316c74be49544e67df36fa4ee2536fba6bc05978be2fff5d11 2
+/usr/share/doc/scap-security-guide/tables/table-rhcos4-nistrefs.html 8d4ca6ce45f8cd04988e74fb2ca4b01104d9ff24209c63c8d66bdcec96e2d39c 2
@@ -811 +811 @@
-/usr/share/doc/scap-security-guide/tables/table-rhel7-anssirefs.html 859c399c37312925d00cea1c010a16d3a865b6459bab56621f9a046e464d1a16 2
+/usr/share/doc/scap-security-guide/tables/table-rhel7-anssirefs.html 11bd7f806158ccb1192bc09666f7bd2e47055adf8dd6ceb43a7a68f5e454593a 2
@@ -813,2 +813,2 @@
-/usr/share/doc/scap-security-guide/tables/table-rhel7-cisrefs.html 1a47c9b889d85c4a7ea49e62e6580ed33a1c66d9f0f711cf7f4b0a1546ca5ffa 2
-/usr/share/doc/scap-security-guide/tables/table-rhel7-cuirefs.html 2e4b20e3e5d1ae085bc60241f8d2225c1d6658095ae3d9ec44d0560fc858a701 2
+/usr/share/doc/scap-security-guide/tables/table-rhel7-cisrefs.html 5a4ddee87c1e1d22260b615ffd0a68ebd70a63cc0d7276f9d8e5d6f154052f8d 2
+/usr/share/doc/scap-security-guide/tables/table-rhel7-cuirefs.html 8cd85c2459c924f5219724d4dc1852c51fc8f181b3c7e1a4673fecf881ce04b2 2
@@ -819,3 +819,3 @@
-/usr/share/doc/scap-security-guide/tables/table-rhel7-nistrefs.html 9e06af2146cbb761affcf0d7559d693abd6dd2300c43fe6c0febae512c1b8e94 2
-/usr/share/doc/scap-security-guide/tables/table-rhel7-ospprefs.html f769ac0a37d476604b36020065130118d2f8691db84d3756de8b991756c0d1ca 2
-/usr/share/doc/scap-security-guide/tables/table-rhel7-pcidssrefs.html 71933534fc530e3d3313f4a743139c056ee8189a820e7cc27039d513a5a33739 2
+/usr/share/doc/scap-security-guide/tables/table-rhel7-nistrefs.html 12bd7f16526d0301da205ad5eacd1167bd4f2fddf3fbc86a1d8091d4013bbccd 2
+/usr/share/doc/scap-security-guide/tables/table-rhel7-ospprefs.html 4839aa2d956df2acfa1ad0257235b9436a13b3b5019bc4d1db65c569e6c32753 2
+/usr/share/doc/scap-security-guide/tables/table-rhel7-pcidssrefs.html 8f7d3899ae034c14a97459cc4c2e99381be9aef2cc040285066a59e6637bfdbc 2
@@ -831 +831 @@
-/usr/share/doc/scap-security-guide/tables/table-rhel8-anssirefs.html 64c25d81a3da87853cdcb98f8084f682e789aecfb4aee1e1100cc3203b565630 2
+/usr/share/doc/scap-security-guide/tables/table-rhel8-anssirefs.html c54dab4b06bad172795e143854e27b064d800432cb7511e1086673f1a10df84d 2
@@ -833,2 +833,2 @@
-/usr/share/doc/scap-security-guide/tables/table-rhel8-cisrefs.html 3b8d8b56467717aa26ad3fac65981efab4429df4b8efb5821fc6ea6ccd8cc1bf 2
-/usr/share/doc/scap-security-guide/tables/table-rhel8-cuirefs.html c9205efde44ee3cb8ecd4b2bc33a22a4f925cb973f7b6547399cbb2636978751 2
+/usr/share/doc/scap-security-guide/tables/table-rhel8-cisrefs.html 1583a83cbc2a6e0f1a2b0b8d632e1a0e92661550716e17829bdd61731ad162ef 2
+/usr/share/doc/scap-security-guide/tables/table-rhel8-cuirefs.html dd18fa55593d8905867e76f03c289a46be061231ad63de399fcfc7ff7b76e63e 2
@@ -838,2 +838,2 @@
-/usr/share/doc/scap-security-guide/tables/table-rhel8-nistrefs.html 4f47684e4c314b57790faf918f4eec7b4fb326fc3aaaee1eed398db602d59e16 2
-/usr/share/doc/scap-security-guide/tables/table-rhel8-pcidssrefs.html 57ff2da449cba2c8f1aa337c180b397cba6a16cc11d2d6df9612e8a80e1ad2d7 2
+/usr/share/doc/scap-security-guide/tables/table-rhel8-nistrefs.html 52f275bb5cf8924713758d802eed9f38730905d00689f5dbc205368b07a972e7 2
+/usr/share/doc/scap-security-guide/tables/table-rhel8-pcidssrefs.html d69ca79b900394698a048bd4c34e212e1a13951f7a49d5d48703da35922c90af 2
@@ -1127,2 +1127,2 @@
-/usr/share/scap-security-guide/tailoring/rhel7_stig_delta_tailoring.xml 34a506af3316d60ead4c3040b1418b601540cf4ffccee4f8bca88eba25b4e0c8 0
-/usr/share/scap-security-guide/tailoring/rhel8_stig_delta_tailoring.xml 74e8018ac455effc9a9d069de9616df8ef1a3965cdddf16cda5d8b057e40545f 0
+/usr/share/scap-security-guide/tailoring/rhel7_stig_delta_tailoring.xml 0f399812a1c9c92fd4dda08a80b29681fa97e9472e575cd0f70425a9d8e832e9 0
+/usr/share/scap-security-guide/tailoring/rhel8_stig_delta_tailoring.xml a350d3155a9acab265f0168fc98c4d12a0322adda5a71a0c4d8d4af791874911 0
@@ -1132,9 +1132,9 @@
-/usr/share/xml/scap/ssg/content/ssg-centos7-ds-1.2.xml d9f3c0075b65d64d5748185a8ceae67438c28ee374b5b77fb2abdc1a178a4947 0
-/usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml b1eb283377f9fd12b3c3486a1398ff93d537cf8d1a1bcbfcff07a6ab651d53c2 0
-/usr/share/xml/scap/ssg/content/ssg-centos7-xccdf.xml 6a8349825d56352b174b721ab536d3135472b3d005abe54a29d25ae662c92fae 0
-/usr/share/xml/scap/ssg/content/ssg-centos8-ds-1.2.xml a273be76df80751af6d1d1347d48dbbd38c3069161dd44cd56a1d855910baa91 0
-/usr/share/xml/scap/ssg/content/ssg-centos8-ds.xml 108173365987ea69c8f5662a230bd1597c50f45988a11329e5980a4b27154651 0
-/usr/share/xml/scap/ssg/content/ssg-centos8-xccdf.xml 961210ead97a7dcd44cb769e041a3fc878e222ab70335beecc379dacf3058409 0
-/usr/share/xml/scap/ssg/content/ssg-cs9-ds-1.2.xml 15fb7be7603725d0d91a9c817fd762c9be88109079a1a9bbcf822fea053e72ac 0
-/usr/share/xml/scap/ssg/content/ssg-cs9-ds.xml 0e63b446e73ffd806feb0dee113dd25c4728eeb8572039c7aea3b11315dc281a 0
-/usr/share/xml/scap/ssg/content/ssg-cs9-xccdf.xml b397b261ad7cdfb0aaf36a0e6c9cadbff9f839daab25c4de1d97cae2e9e2be5c 0
+/usr/share/xml/scap/ssg/content/ssg-centos7-ds-1.2.xml 1b5fa14510f098be12634d8b6665596f31fa2cedb7f59c97d98ba0612b88c22e 0
+/usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml 8f41dda7b73f15ce9337b40ef1e510f931ddd794e1067a7e00c6bd538ca6b840 0
+/usr/share/xml/scap/ssg/content/ssg-centos7-xccdf.xml a13fc649e2f51bc57ceee5d535fecd5675d9cade6a5a20e007dc3aea7488171a 0
+/usr/share/xml/scap/ssg/content/ssg-centos8-ds-1.2.xml db3a9cc00c9dad347497a879c0daac5e2d32967d46cc006c561b716172225cf4 0
+/usr/share/xml/scap/ssg/content/ssg-centos8-ds.xml 38dcb39db5e8615444e7bc5a1bed6e2a2462ee127e2b01f1fcccc39d38ed4161 0
+/usr/share/xml/scap/ssg/content/ssg-centos8-xccdf.xml 0819dc02728f8960d02863efd7216ea9852974e6ae3fc358387e56bbc93fb293 0
+/usr/share/xml/scap/ssg/content/ssg-cs9-ds-1.2.xml 73b4d63df7a27292cd53fdf0c132ea62053fd388d90d51564cbf5e0bdea31989 0
+/usr/share/xml/scap/ssg/content/ssg-cs9-ds.xml 7d62f06057bd8becd9c8f82031330db8631044dbce096cd050b8c15e218f5c72 0
+/usr/share/xml/scap/ssg/content/ssg-cs9-xccdf.xml 34bea2c245fd90bd8504ef5c5c0f4a5a7feecf21705cfec0a7a3e78890f97763 0
@@ -1143,3 +1143,3 @@
-/usr/share/xml/scap/ssg/content/ssg-fedora-ds-1.2.xml 4b78953deff3060c845786fdb5230648e1b43e1c5c68df5f250a2b606aa10d6b 0
-/usr/share/xml/scap/ssg/content/ssg-fedora-ds.xml a5dd8f8793651c1581c5e924148d8c359ded5472f3f6a5df2f386d24d5ebbc9b 0
-/usr/share/xml/scap/ssg/content/ssg-fedora-ocil.xml b21a9fa23c7ce94583ab7484fd4a2160dd7283409d76410de676e994d2a2ef9e 0
+/usr/share/xml/scap/ssg/content/ssg-fedora-ds-1.2.xml f71fd7c217be9c8d49698110b333ba33dd70989909704d4545ff5fb1e3d20e54 0
+/usr/share/xml/scap/ssg/content/ssg-fedora-ds.xml 5ee701db32ec1b225f72da0e10df10ae202017ce6f36d09c7987ffe472e5f4a9 0
+/usr/share/xml/scap/ssg/content/ssg-fedora-ocil.xml 16f3f4fa14740726f5753f34c31e017197cbc40743804375601958a376e0eef8 0
@@ -1147 +1147 @@
-/usr/share/xml/scap/ssg/content/ssg-fedora-xccdf.xml 5e632f85c6b64b9f861971ce1b4ba3ce07d3af7c2f338195522a643fb6ee2c60 0
+/usr/share/xml/scap/ssg/content/ssg-fedora-xccdf.xml 9ee129ec168cdba3e79086317b9853d737d07b14b34dee9b524786db1fcc58bc 0
@@ -1150,3 +1150,3 @@
-/usr/share/xml/scap/ssg/content/ssg-ol7-ds-1.2.xml f9776ef6a0408f86df8707b39d13890fb13dfce10a7aa37f1a04f32ce061cd30 0
-/usr/share/xml/scap/ssg/content/ssg-ol7-ds.xml f71a1fcfb2cdcac53303e17b3f76c320c5c1d3ab8f497c334702ff13bf5bb8af 0
-/usr/share/xml/scap/ssg/content/ssg-ol7-ocil.xml 23d869e9e85ae325cf3d566625495683b7769a7ab3228a41f046b35a07ea63e1 0
+/usr/share/xml/scap/ssg/content/ssg-ol7-ds-1.2.xml 9ee699876678931100c8dd2709556909bfbf0415d1d5a4b415ad680d0e945b99 0
+/usr/share/xml/scap/ssg/content/ssg-ol7-ds.xml a0bca46b994ce4dfc6fdd8a8375e76ee7f68a4877049243b59f79a1a900b995a 0
+/usr/share/xml/scap/ssg/content/ssg-ol7-ocil.xml e8ffebc43f7d53ddb98ef60fb64ec7e1b3e26aeafe581d08a52e2017bc79ab43 0
@@ -1154 +1154 @@
-/usr/share/xml/scap/ssg/content/ssg-ol7-xccdf.xml e69e2bce0456234d94a80a86c69d88510ea685e719871205fceac5a3559b82fe 0
+/usr/share/xml/scap/ssg/content/ssg-ol7-xccdf.xml 825ac0bd506d87683901863aab9b6bd94ef7be35abac99f278ab0fe8613ea2da 0
@@ -1157,3 +1157,3 @@
-/usr/share/xml/scap/ssg/content/ssg-ol8-ds-1.2.xml 996ac2791256a528c3d74507823d34dfe551b25dd779d0fb2c929ca7dfc07a1c 0
-/usr/share/xml/scap/ssg/content/ssg-ol8-ds.xml 102eb13cd3e0077b76000bcbea06c80c266a3bfcd32b5950ce0ba0fe0aaa0da1 0
-/usr/share/xml/scap/ssg/content/ssg-ol8-ocil.xml cc239d567b2c21a38d9df746529296050be104fd968d2447dbe266724cef15fc 0
+/usr/share/xml/scap/ssg/content/ssg-ol8-ds-1.2.xml 48fcc4d7b7a42a0488f96e65bae1154f9e255f2ddcdc5ce207a5a2535f31f66f 0
+/usr/share/xml/scap/ssg/content/ssg-ol8-ds.xml 45ba0c3346086b934270076ba90dbbc56bea51944d7b25b2ee672ceb62f9edf5 0
+/usr/share/xml/scap/ssg/content/ssg-ol8-ocil.xml 62f6521b47c1ed48675be99e3a744b951bcc9830c2e9f921711f0a9b409016f6 0
@@ -1161 +1161 @@
-/usr/share/xml/scap/ssg/content/ssg-ol8-xccdf.xml 3baf30367d472baf65148064f1a6dc36547b4bd6c1e623ccd28a351a286a6150 0
+/usr/share/xml/scap/ssg/content/ssg-ol8-xccdf.xml e3e8de7c6f48ec9183e211ec4356bcffde8df81002641858ae8fc9d006e58964 0
@@ -1164,3 +1164,3 @@
-/usr/share/xml/scap/ssg/content/ssg-ol9-ds-1.2.xml eb0db26354499b8ecae5ef2f569c41d531a144aada9b90071e6187c8602a4455 0
-/usr/share/xml/scap/ssg/content/ssg-ol9-ds.xml 9a7470c60b9df69341403f8811dc1749f81854853e21eb9749b83da63f459ede 0
-/usr/share/xml/scap/ssg/content/ssg-ol9-ocil.xml b4367042910e51ee44052f5f7ad3699c98230c2803acc4db649d991baed5c1cf 0
+/usr/share/xml/scap/ssg/content/ssg-ol9-ds-1.2.xml 0a519868f2b224b2834e863301754077a0a4c0f03d110ad64edfc12c97967a5d 0
+/usr/share/xml/scap/ssg/content/ssg-ol9-ds.xml db9cfd189af8ac533ef878dabb98fd79cf11ed5d8ddba0438c461037e747b63f 0
+/usr/share/xml/scap/ssg/content/ssg-ol9-ocil.xml 371fc01da02e023ca49ef1a1ed34dc9c7af901f12d728deab136362d87e8a15c 0
@@ -1168 +1168 @@
-/usr/share/xml/scap/ssg/content/ssg-ol9-xccdf.xml d05cdf53c1789b46b033910c8e9bd81e31d8d8193c1107a1e305ea7cad8cda00 0
+/usr/share/xml/scap/ssg/content/ssg-ol9-xccdf.xml b3f1ece17a64c53365a3e62047fde42c8584650cb2ea3c4c5bcd529d903d2b09 0
@@ -1171,3 +1171,3 @@
-/usr/share/xml/scap/ssg/content/ssg-rhcos4-ds-1.2.xml aeb50a375e6e4edcb46d41fab38fa925e1246a616e7b664804dc6e2daa8b3866 0
-/usr/share/xml/scap/ssg/content/ssg-rhcos4-ds.xml 099313265acc53a5cc201268081f4f0ff3c7de03ada798293a17f383e60e6ab2 0
-/usr/share/xml/scap/ssg/content/ssg-rhcos4-ocil.xml 413ee646ad1abb837d061120eb2d0a4b455b8fd19bdfeddc53cf15c610d45df5 0
+/usr/share/xml/scap/ssg/content/ssg-rhcos4-ds-1.2.xml 4416f4a2ec26ed4a61a2919a2df4c4c77f99306e31870db889527c8629bd48a1 0
+/usr/share/xml/scap/ssg/content/ssg-rhcos4-ds.xml c9824252d64eb8a7e43ffe8b9427299cf09ae8de0714d14f0ddaf78257f1e9e6 0
+/usr/share/xml/scap/ssg/content/ssg-rhcos4-ocil.xml 4cb577b954b8f02c385d255ccd977999b896a489799a75f7b8bcc80df5a0a6bf 0
@@ -1175 +1175 @@
-/usr/share/xml/scap/ssg/content/ssg-rhcos4-xccdf.xml 1ab18d9173180c912131ce9069a22fa32be9120ce1e85296c8d282714b75111b 0
+/usr/share/xml/scap/ssg/content/ssg-rhcos4-xccdf.xml 13e02e51a9213bbca2c36acd0a05b9a732585a0c3021f5b5572e0824bc7bd516 0
@@ -1178,3 +1178,3 @@
-/usr/share/xml/scap/ssg/content/ssg-rhel7-ds-1.2.xml dedaaf0936b6fb44c911405e4c8402560a5fb2cf6156278753ca6f457b696187 0
-/usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml d79688988b6784a48bde50b5b1f44956f5bd76a13c9cf5b05539b94eda83519a 0
-/usr/share/xml/scap/ssg/content/ssg-rhel7-ocil.xml 3db6653c78fc48d5e1c4a40b47123bc48b4aa0613904e01699f56306a364e302 0
+/usr/share/xml/scap/ssg/content/ssg-rhel7-ds-1.2.xml a84fbe5d8872c6fca43d767d912468e6e9ac2ca22cd0d3e0621ad36682c745b5 0
+/usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml 081c7211c15c215cc9a294c981cd3443f271033cfeb2d59fad8845f7d27524c6 0
+/usr/share/xml/scap/ssg/content/ssg-rhel7-ocil.xml fc5b2358f89af744d448628aeba9a58c6a369e9b128ad514086c38ec99c39e4f 0
@@ -1182 +1182 @@
-/usr/share/xml/scap/ssg/content/ssg-rhel7-xccdf.xml 685507761e5bdf69c4b1ca33821da447f91aaf050a0fccb37eee284f3417ed1a 0
+/usr/share/xml/scap/ssg/content/ssg-rhel7-xccdf.xml 1a43fd9c80d4718c0d66a9ab223eea6c7c1de8ee89063159b7ff32a236e9abaa 0
@@ -1185,3 +1185,3 @@
-/usr/share/xml/scap/ssg/content/ssg-rhel8-ds-1.2.xml 6882c3e37b825e46bec0d6e09d081f89601de8a35f2e41eada3a9e74f883566f 0
-/usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml acba16d2b15b8455e5328880569c1f8bfcb8b19de27443b99fc56cc05a1dba86 0
-/usr/share/xml/scap/ssg/content/ssg-rhel8-ocil.xml 14d5cf8f7a60553e02f23dabd0722ea7882fc947adf0d935a2822351d12861ae 0
+/usr/share/xml/scap/ssg/content/ssg-rhel8-ds-1.2.xml 3dbc8b3ddd50360293626d52a7ff60a99f32082d907aa01339fdc681a929e550 0
+/usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml 84f2326b4db9e24af640ed634923f1c41fcdca17ff635e7fb441ff948242f5e3 0
+/usr/share/xml/scap/ssg/content/ssg-rhel8-ocil.xml 1000e680d6442ca8b77bf61c41f8dfdf9212346641539f8c276995d0acfdd340 0
@@ -1189 +1189 @@
-/usr/share/xml/scap/ssg/content/ssg-rhel8-xccdf.xml 9be5d199cef9a188444a93572af8fe82ed7ba3983569cc027929cac453c2191c 0
+/usr/share/xml/scap/ssg/content/ssg-rhel8-xccdf.xml e9f404e32cec0a62ff5ea9f084284db126eb5a62d5c44d7d411b923e2588431d 0
@@ -1192,3 +1192,3 @@
-/usr/share/xml/scap/ssg/content/ssg-rhel9-ds-1.2.xml 44147dd69eb0aa19c8c14dc9b848a4c5e5f0e28ee67d3e8b9d7b9ea87e3e4e06 0
-/usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml 5d2ae6f9821fdb4a905f2863e4b4aeb884230cdabe30b3b68fb46281dd06c2c4 0
-/usr/share/xml/scap/ssg/content/ssg-rhel9-ocil.xml 568d0cd9e59475ba85726d4391610917e79ce95a63cafa17895d351f4e33968e 0
+/usr/share/xml/scap/ssg/content/ssg-rhel9-ds-1.2.xml 234bea0ceff98979bbcfd7d0325d8b8432008dbacb9cd388100532bd1ac26931 0
+/usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml a0c92d86f36fa4efea024daee3f796bc69e5c38d8ccc878919ad1c9b0efce428 0
+/usr/share/xml/scap/ssg/content/ssg-rhel9-ocil.xml 23ce29ed8661ed5e4407a32c3942eafcd890ea65309a712cad66d5cb1af25597 0
@@ -1196 +1196 @@
-/usr/share/xml/scap/ssg/content/ssg-rhel9-xccdf.xml 43112cd84092eeaecc1f772767d4d789f32bd69a944302e742e97a33f33bb7d3 0
+/usr/share/xml/scap/ssg/content/ssg-rhel9-xccdf.xml a999c2a7794b4ed7329353a968a698112ae92fe7cf8bcdc33e2abe5e64847015 0
@@ -1199,3 +1199,3 @@
-/usr/share/xml/scap/ssg/content/ssg-rhv4-ds-1.2.xml 0fb9a7d2c26d12440b58bb502ae965c9125b3ad19a0e8ff47819c3c9cd268157 0
-/usr/share/xml/scap/ssg/content/ssg-rhv4-ds.xml b504928b593e44f09401815abd0d8185c5ff5024999ccc50f372d33f1643c3a0 0
-/usr/share/xml/scap/ssg/content/ssg-rhv4-ocil.xml 2ffa7854edf89b1b56befd9c56dc354f8c84fc05cfa65532d6611e300de5b76d 0
+/usr/share/xml/scap/ssg/content/ssg-rhv4-ds-1.2.xml 1e7ef5e2788395f34e2890466ce54880703838ed904a48168bc980a82ee0f0f7 0
+/usr/share/xml/scap/ssg/content/ssg-rhv4-ds.xml 82390e2d50a8b782c9ad6049de3ba2b021d68668a297eea25b1b49c6687954b5 0
+/usr/share/xml/scap/ssg/content/ssg-rhv4-ocil.xml 5914d87fdb16e22146604e888e0ad9f9b4fcda8c4b1e1f2b96769ae4200fbd85 0
@@ -1203,4 +1203,4 @@
-/usr/share/xml/scap/ssg/content/ssg-rhv4-xccdf.xml 15955d800e68b4e78d6dc89fe0b89bc4cf7982991129f52d35252f11a07ba3f1 0
-/usr/share/xml/scap/ssg/content/ssg-sl7-ds-1.2.xml ca6e16d36f41505af11b20bd18ec012208a6e2f268a824e44f54c324e9fef9af 0
-/usr/share/xml/scap/ssg/content/ssg-sl7-ds.xml 880641f378d9aa0d19b00b96c64e659fd4308f3efd6c00299c6533b27106edb8 0
-/usr/share/xml/scap/ssg/content/ssg-sl7-xccdf.xml 1cf580d66a3dfd4362d3f3206d3fafc154e78fdf91b517ab24209a840582ffce 0
+/usr/share/xml/scap/ssg/content/ssg-rhv4-xccdf.xml 0fe5b9cf777b352d32407bd156b38cc176b458e033aaae4e1820dd73d0e2e17d 0
+/usr/share/xml/scap/ssg/content/ssg-sl7-ds-1.2.xml 208e3672d18aaa2132e8a08587fd6ddd2b97b553dcdbcef9671f0d2912bf74b4 0
+/usr/share/xml/scap/ssg/content/ssg-sl7-ds.xml 51d5c8874d0eabea3100cf02b351cd95d4fcf704400dcc66a1e7d572427fb03f 0
+/usr/share/xml/scap/ssg/content/ssg-sl7-xccdf.xml e3a9ee0589607f4081620b369c921b5fe8a3ed8b3ab1d81eed7e2b8e555c43aa 0
comparing rpmtags
comparing RELEASE
comparing PROVIDES
comparing scripts
comparing filelist
comparing file checksum
creating rename script
RPM file checksum differs.
Extracting packages
/usr/share/doc/scap-security-guide/guides/ssg-centos7-guide-pci-dss.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-centos7-guide-pci-dss.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-centos7-guide-pci-dss.html	2022-07-15 00:00:00.000000000 +0000
@@ -443,17 +443,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id11" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id11"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id12" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id12"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id13" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id13"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id12" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id12"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id13" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id13"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id14" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id14"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -4542,7 +4542,26 @@
 a container anyway.</div></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">If an account has an empty password, anyone could log in and
 run commands with the privileges of that account. Accounts with
 empty passwords should never be used in operational environments.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_empty_passwords</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-204424r809187_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id96" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id96"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-204424r809187_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id96" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id96"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/password-auth
+        overwrite: true
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/system-auth
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id97" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id97"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEM_AUTH="/etc/pam.d/system-auth"
@@ -4567,7 +4586,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id97" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id97"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id98" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id98"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
   ansible.builtin.stat:
     path: /usr/bin/authselect
   register: result_authselect_present
@@ -4718,25 +4737,6 @@
     - medium_disruption
     - no_empty_passwords
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id98" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id98"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/password-auth
-        overwrite: true
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/system-auth
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_auditing" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_system"><td style="padding-left: 38px" id="xccdf_org.ssgproject.content_group_auditing"><span class="label label-default">Group</span>  
                 System Accounting with auditd
                           <small>Group contains 9 groups and 41 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_auditing" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_auditing" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_system"><td style="padding-left: 38px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_auditing">[ref]</a>  
@@ -16382,7 +16382,21 @@
 nefarious activities in log files, as well as to confuse network services that
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_adjtimex</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id151" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id151"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id151" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id151"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20adjtimex%20-k%20audit_time_rules%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20adjtimex%20-k%20audit_time_rules%0A }}
+        mode: 0600
+        path: /etc/audit/rules.d/75-syscall-adjtimex.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id152" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id152"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # Retrieve hardware architecture of the underlying system
@@ -16722,7 +16736,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id152" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id152"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id153" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id153"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -17035,20 +17049,6 @@
     - medium_severity
     - no_reboot_needed
     - restrict_strategy
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id153" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id153"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20adjtimex%20-k%20audit_time_rules%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20adjtimex%20-k%20audit_time_rules%0A }}
-        mode: 0600
-        path: /etc/audit/rules.d/75-syscall-adjtimex.rules
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime" id="guide-tree-leaf-id154" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_audit_time_rules"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime"><span class="label label-default">Rule</span>  
                                 Record Attempts to Alter Time Through clock_settime
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">If the <code>auditd</code> daemon is configured to use the
@@ -17072,7 +17072,21 @@
 nefarious activities in log files, as well as to confuse network services that
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id155" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id155"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id155" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id155"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A }}
+        mode: 0600
+        path: /etc/audit/rules.d/75-syscall-clock-settime.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id156" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id156"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # First perform the remediation of the syscall rule
@@ -17400,7 +17414,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id156" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id156"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id157" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id157"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -17706,20 +17720,6 @@
     - medium_severity
     - no_reboot_needed
     - restrict_strategy
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id157" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id157"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A }}
-        mode: 0600
-        path: /etc/audit/rules.d/75-syscall-clock-settime.rules
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday" id="guide-tree-leaf-id158" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_audit_time_rules"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday"><span class="label label-default">Rule</span>  
                                 Record attempts to alter time through settimeofday
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">If the <code>auditd</code> daemon is configured to use the
@@ -17743,7 +17743,21 @@
 nefarious activities in log files, as well as to confuse network services that
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id159" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id159"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id159" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id159"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
/usr/share/doc/scap-security-guide/guides/ssg-centos7-guide-standard.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-centos7-guide-standard.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-centos7-guide-standard.html	2022-07-15 00:00:00.000000000 +0000
@@ -848,7 +848,26 @@
 a container anyway.</div></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">If an account has an empty password, anyone could log in and
 run commands with the privileges of that account. Accounts with
 empty passwords should never be used in operational environments.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_empty_passwords</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-204424r809187_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id25"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-204424r809187_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id25"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/password-auth
+        overwrite: true
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/system-auth
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id26"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEM_AUTH="/etc/pam.d/system-auth"
@@ -873,7 +892,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id27" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id27"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
   ansible.builtin.stat:
     path: /usr/bin/authselect
   register: result_authselect_present
@@ -1024,25 +1043,6 @@
     - medium_disruption
     - no_empty_passwords
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id27" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id27"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/password-auth
-        overwrite: true
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/system-auth
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_accounts-session" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts"><td style="padding-left: 57px" id="xccdf_org.ssgproject.content_group_accounts-session"><span class="label label-default">Group</span>  
                 Secure Session Configuration Files for Login Accounts
                           <small>Group contains  1 group and 1 rule</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_accounts-session" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_accounts-session" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts"><td style="padding-left: 57px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_accounts-session">[ref]</a>  
@@ -12332,7 +12332,21 @@
 nefarious activities in log files, as well as to confuse network services that
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_adjtimex</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id80" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id80"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id80" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id80"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20adjtimex%20-k%20audit_time_rules%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20adjtimex%20-k%20audit_time_rules%0A }}
+        mode: 0600
+        path: /etc/audit/rules.d/75-syscall-adjtimex.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id81" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id81"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # Retrieve hardware architecture of the underlying system
@@ -12672,7 +12686,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id81" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id81"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id82" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id82"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -12985,20 +12999,6 @@
     - medium_severity
     - no_reboot_needed
     - restrict_strategy
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id82" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id82"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20adjtimex%20-k%20audit_time_rules%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20adjtimex%20-k%20audit_time_rules%0A }}
-        mode: 0600
-        path: /etc/audit/rules.d/75-syscall-adjtimex.rules
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime" id="guide-tree-leaf-id83" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_audit_time_rules"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime"><span class="label label-default">Rule</span>  
                                 Record Attempts to Alter Time Through clock_settime
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">If the <code>auditd</code> daemon is configured to use the
@@ -13022,7 +13022,21 @@
 nefarious activities in log files, as well as to confuse network services that
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id84" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id84"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id84" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id84"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A }}
+        mode: 0600
+        path: /etc/audit/rules.d/75-syscall-clock-settime.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id85" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id85"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # First perform the remediation of the syscall rule
@@ -13350,7 +13364,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id85" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id85"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id86" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id86"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -13656,20 +13670,6 @@
     - medium_severity
     - no_reboot_needed
     - restrict_strategy
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id86" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id86"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A }}
-        mode: 0600
-        path: /etc/audit/rules.d/75-syscall-clock-settime.rules
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday" id="guide-tree-leaf-id87" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_audit_time_rules"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday"><span class="label label-default">Rule</span>  
                                 Record attempts to alter time through settimeofday
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">If the <code>auditd</code> daemon is configured to use the
@@ -13693,7 +13693,21 @@
 nefarious activities in log files, as well as to confuse network services that
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id88" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id88"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id88" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id88"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20settimeofday%20-k%20audit_time_rules%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20settimeofday%20-k%20audit_time_rules%0A }}
+        mode: 0600
+        path: /etc/audit/rules.d/75-syscall-settimeofday.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id89" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id89"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # Retrieve hardware architecture of the underlying system
@@ -14033,7 +14047,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id89" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id89"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id90" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id90"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
/usr/share/doc/scap-security-guide/guides/ssg-centos8-guide-pci-dss.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-centos8-guide-pci-dss.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-centos8-guide-pci-dss.html	2022-07-15 00:00:00.000000000 +0000
@@ -435,17 +435,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id11" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id11"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id12" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id12"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id13" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id13"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id12" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id12"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id13" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id13"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id14" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id14"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -4538,17 +4538,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id104" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id104"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=opensc
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id105" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id105"><pre><code>
-[[packages]]
-name = "opensc"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id106" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id106"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_opensc
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id105" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id105"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_opensc
 
 class install_opensc {
   package { 'opensc':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id106" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id106"><pre><code>
+[[packages]]
+name = "opensc"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id107" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id107"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure opensc is installed
   package:
     name: opensc
@@ -4581,17 +4581,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id110" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id110"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=pcsc-lite
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id111" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id111"><pre><code>
-[[packages]]
-name = "pcsc-lite"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id112" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id112"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_pcsc-lite
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id111" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id111"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_pcsc-lite
 
 class install_pcsc-lite {
   package { 'pcsc-lite':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id112" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id112"><pre><code>
+[[packages]]
+name = "pcsc-lite"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id113" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id113"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure pcsc-lite is installed
   package:
     name: pcsc-lite
@@ -4630,10 +4630,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id116" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id116"><pre><code>
-[customizations.services]
-enabled = ["pcscd"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id117" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id117"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_pcscd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id116" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id116"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_pcscd
 
 class enable_pcscd {
   service {'pcscd':
@@ -4641,6 +4638,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id117" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id117"><pre><code>
+[customizations.services]
+enabled = ["pcscd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id118" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id118"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service pcscd
   block:
 
@@ -5146,7 +5146,26 @@
 a container anyway.</div></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">If an account has an empty password, anyone could log in and
 run commands with the privileges of that account. Accounts with
 empty passwords should never be used in operational environments.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_empty_passwords</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-244540r743869_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id135" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id135"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-244540r743869_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id135" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id135"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/password-auth
+        overwrite: true
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/system-auth
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id136" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id136"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEM_AUTH="/etc/pam.d/system-auth"
@@ -5171,7 +5190,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id136" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id136"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id137" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id137"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
   ansible.builtin.stat:
     path: /usr/bin/authselect
   register: result_authselect_present
@@ -5322,25 +5341,6 @@
     - medium_disruption
     - no_empty_passwords
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id137" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id137"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/password-auth
-        overwrite: true
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/system-auth
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_auditing" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_system"><td style="padding-left: 38px" id="xccdf_org.ssgproject.content_group_auditing"><span class="label label-default">Group</span>  
                 System Accounting with auditd
                           <small>Group contains 9 groups and 57 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_auditing" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_auditing" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_system"><td style="padding-left: 38px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_auditing">[ref]</a>  
@@ -29060,7 +29060,21 @@
 add the line to file <code>/etc/audit/audit.rules</code>.</div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The removal of kernel modules can be used to alter the behavior of
 the kernel and potentially introduce malicious code into kernel space. It is important
 to have an audit trail of modules that have been introduced into the kernel.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_delete</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00216</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000477-GPOS-00222</a>, <a href="">SRG-OS-000477-VMM-001970</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.15</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-230446r627750_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id211" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id211"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00216</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000477-GPOS-00222</a>, <a href="">SRG-OS-000477-VMM-001970</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.15</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-230446r627750_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id211" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id211"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20delete_module%20-k%20module-change%0A-a%20always%2Cexit%20-F%20arch%3Db64%20-S%20delete_module%20-k%20module-change%0A
+        mode: 0600
+        path: /etc/audit/rules.d/75-kernel-module-loading-delete.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id212" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id212"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # First perform the remediation of the syscall rule
@@ -29394,7 +29408,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id212" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id212"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id213" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id213"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -29704,20 +29718,6 @@
     - low_disruption
     - medium_severity
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id213" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id213"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
/usr/share/doc/scap-security-guide/guides/ssg-centos8-guide-standard.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-centos8-guide-standard.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-centos8-guide-standard.html	2022-07-15 00:00:00.000000000 +0000
@@ -1178,7 +1178,26 @@
 a container anyway.</div></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">If an account has an empty password, anyone could log in and
 run commands with the privileges of that account. Accounts with
 empty passwords should never be used in operational environments.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_empty_passwords</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-244540r743869_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id42" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id42"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-244540r743869_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id42" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id42"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/password-auth
+        overwrite: true
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/system-auth
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id43" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id43"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEM_AUTH="/etc/pam.d/system-auth"
@@ -1203,7 +1222,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id43" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id43"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id44" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id44"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
   ansible.builtin.stat:
     path: /usr/bin/authselect
   register: result_authselect_present
@@ -1354,25 +1373,6 @@
     - medium_disruption
     - no_empty_passwords
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id44" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id44"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/password-auth
-        overwrite: true
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/system-auth
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_accounts-session" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts"><td style="padding-left: 57px" id="xccdf_org.ssgproject.content_group_accounts-session"><span class="label label-default">Group</span>  
                 Secure Session Configuration Files for Login Accounts
                           <small>Group contains  1 group and 1 rule</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_accounts-session" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_accounts-session" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts"><td style="padding-left: 57px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_accounts-session">[ref]</a>  
@@ -16156,7 +16156,21 @@
 nefarious activities in log files, as well as to confuse network services that
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_adjtimex</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.6</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id97" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id97"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.6</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id97" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id97"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20adjtimex%20-k%20audit_time_rules%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20adjtimex%20-k%20audit_time_rules%0A }}
+        mode: 0600
+        path: /etc/audit/rules.d/75-syscall-adjtimex.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id98" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id98"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # Retrieve hardware architecture of the underlying system
@@ -16496,7 +16510,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id98" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id98"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id99" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id99"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -16809,20 +16823,6 @@
     - medium_severity
     - no_reboot_needed
     - restrict_strategy
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id99" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id99"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20adjtimex%20-k%20audit_time_rules%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20adjtimex%20-k%20audit_time_rules%0A }}
-        mode: 0600
-        path: /etc/audit/rules.d/75-syscall-adjtimex.rules
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime" id="guide-tree-leaf-id100" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_audit_time_rules"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime"><span class="label label-default">Rule</span>  
                                 Record Attempts to Alter Time Through clock_settime
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">If the <code>auditd</code> daemon is configured to use the
@@ -16846,7 +16846,21 @@
 nefarious activities in log files, as well as to confuse network services that
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.6</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id101" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id101"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.6</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id101" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id101"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A }}
+        mode: 0600
+        path: /etc/audit/rules.d/75-syscall-clock-settime.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id102" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id102"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # First perform the remediation of the syscall rule
@@ -17174,7 +17188,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id102" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id102"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id103" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id103"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -17480,20 +17494,6 @@
     - medium_severity
     - no_reboot_needed
     - restrict_strategy
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id103" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id103"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A }}
-        mode: 0600
-        path: /etc/audit/rules.d/75-syscall-clock-settime.rules
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday" id="guide-tree-leaf-id104" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_audit_time_rules"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday"><span class="label label-default">Rule</span>  
                                 Record attempts to alter time through settimeofday
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">If the <code>auditd</code> daemon is configured to use the
@@ -17517,7 +17517,21 @@
 nefarious activities in log files, as well as to confuse network services that
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.6</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id105" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id105"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.6</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id105" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id105"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20settimeofday%20-k%20audit_time_rules%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20settimeofday%20-k%20audit_time_rules%0A }}
+        mode: 0600
+        path: /etc/audit/rules.d/75-syscall-settimeofday.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id106" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id106"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # Retrieve hardware architecture of the underlying system
@@ -17857,7 +17871,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id106" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id106"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id107" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id107"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
/usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-anssi_bp28_enhanced.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-anssi_bp28_enhanced.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-anssi_bp28_enhanced.html	2022-07-15 00:00:00.000000000 +0000
@@ -136,17 +136,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id21" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id21"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id21" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id21"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -425,17 +425,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id49" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id49"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=sudo
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id50" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id50"><pre><code>
-[[packages]]
-name = "sudo"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id51" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id51"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id50" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id50"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
 
 class install_sudo {
   package { 'sudo':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id51" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id51"><pre><code>
+[[packages]]
+name = "sudo"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id52" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id52"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure sudo is installed
   package:
     name: sudo
@@ -751,17 +751,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id73" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id73"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=dnf-automatic
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id74" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id74"><pre><code>
-[[packages]]
-name = "dnf-automatic"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id75" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id75"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_dnf-automatic
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id74" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id74"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_dnf-automatic
 
 class install_dnf-automatic {
   package { 'dnf-automatic':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id75" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id75"><pre><code>
+[[packages]]
+name = "dnf-automatic"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id76" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id76"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure dnf-automatic is installed
   package:
     name: dnf-automatic
@@ -4676,7 +4676,21 @@
 authentication to privileged accounts. Users will first login, then escalate
 to privileged (root) access via su / sudo. This is required for FISMA Low
 and FISMA Moderate systems.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_direct_root_logins</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R19)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.6</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id145" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id145"><pre><code># Remediation is applicable only in certain platforms
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R19)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.6</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id145" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id145"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,
+        mode: 0600
+        path: /etc/securetty
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id146" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id146"><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 echo &gt; /etc/securetty
@@ -4684,7 +4698,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id146" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id146"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Direct root Logins Not Allowed
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id147" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id147"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Direct root Logins Not Allowed
   copy:
     dest: /etc/securetty
     content: ''
@@ -4700,20 +4714,6 @@
     - no_direct_root_logins
     - no_reboot_needed
     - restrict_strategy
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id147" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id147"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,
-        mode: 0600
-        path: /etc/securetty
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_accounts-session" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts"><td style="padding-left: 57px" id="xccdf_org.ssgproject.content_group_accounts-session"><span class="label label-default">Group</span>  
                 Secure Session Configuration Files for Login Accounts
                           <small>Group contains 1 group and 6 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_accounts-session" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_accounts-session" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts"><td style="padding-left: 57px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_accounts-session">[ref]</a>  
@@ -5932,7 +5932,21 @@
 daily</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">Log files that are not properly rotated run the risk of growing so large
 that they fill up the /var/log partition. Valuable logging information could be lost
 if the /var/log partition becomes full.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_ensure_logrotate_activated</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R43)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT12(R18)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.7</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id174" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id174"><pre><code># Remediation is applicable only in certain platforms
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R43)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT12(R18)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.7</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id174" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id174"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ %23%20see%20%22man%20logrotate%22%20for%20details%0A%23%20rotate%20log%20files%20daily%0Adaily%0A%0A%23%20keep%204%20weeks%20worth%20of%20backlogs%0Arotate%2030%0A%0A%23%20create%20new%20%28empty%29%20log%20files%20after%20rotating%20old%20ones%0Acreate%0A%0A%23%20use%20date%20as%20a%20suffix%20of%20the%20rotated%20file%0Adateext%0A%0A%23%20uncomment%20this%20if%20you%20want%20your%20log%20files%20compressed%0A%23compress%0A%0A%23%20RPM%20packages%20drop%20log%20rotation%20information%20into%20this%20directory%0Ainclude%20/etc/logrotate.d%0A%0A%23%20system-specific%20logs%20may%20be%20also%20be%20configured%20here. }}
+        mode: 0644
+        path: /etc/logrotate.conf
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id175" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id175"><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 LOGROTATE_CONF_FILE="/etc/logrotate.conf"
@@ -5953,7 +5967,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id175" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id175"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Configure daily log rotation in /etc/logrotate.conf
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id176" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id176"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Configure daily log rotation in /etc/logrotate.conf
   lineinfile:
     create: true
     dest: /etc/logrotate.conf
@@ -6012,20 +6026,6 @@
     - low_disruption
     - medium_severity
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id176" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id176"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,{{ %23%20see%20%22man%20logrotate%22%20for%20details%0A%23%20rotate%20log%20files%20daily%0Adaily%0A%0A%23%20keep%204%20weeks%20worth%20of%20backlogs%0Arotate%2030%0A%0A%23%20create%20new%20%28empty%29%20log%20files%20after%20rotating%20old%20ones%0Acreate%0A%0A%23%20use%20date%20as%20a%20suffix%20of%20the%20rotated%20file%0Adateext%0A%0A%23%20uncomment%20this%20if%20you%20want%20your%20log%20files%20compressed%0A%23compress%0A%0A%23%20RPM%20packages%20drop%20log%20rotation%20information%20into%20this%20directory%0Ainclude%20/etc/logrotate.d%0A%0A%23%20system-specific%20logs%20may%20be%20also%20be%20configured%20here. }}
-        mode: 0644
-        path: /etc/logrotate.conf
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_rsyslog_sending_messages" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_logging"><td style="padding-left: 57px" id="xccdf_org.ssgproject.content_group_rsyslog_sending_messages"><span class="label label-default">Group</span>  
                 Rsyslog Logs Sent To Remote Host
                           <small>Group contains 3 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_rsyslog_sending_messages" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_rsyslog_sending_messages" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_logging"><td style="padding-left: 57px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_rsyslog_sending_messages">[ref]</a>  
@@ -6173,17 +6173,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id184" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id184"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rsyslog-gnutls
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id185" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id185"><pre><code>
-[[packages]]
-name = "rsyslog-gnutls"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id186" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id186"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog-gnutls
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id185" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id185"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog-gnutls
 
 class install_rsyslog-gnutls {
   package { 'rsyslog-gnutls':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id186" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id186"><pre><code>
+[[packages]]
+name = "rsyslog-gnutls"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id187" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id187"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog-gnutls is installed
   package:
     name: rsyslog-gnutls
/usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-anssi_bp28_high.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-anssi_bp28_high.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-anssi_bp28_high.html	2022-07-15 00:00:00.000000000 +0000
@@ -136,17 +136,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id21" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id21"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id21" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id21"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -698,17 +698,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id58" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id58"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=sudo
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id59" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id59"><pre><code>
-[[packages]]
-name = "sudo"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id60" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id60"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id59" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id59"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
 
 class install_sudo {
   package { 'sudo':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id60" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id60"><pre><code>
+[[packages]]
+name = "sudo"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id61" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id61"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure sudo is installed
   package:
     name: sudo
@@ -1024,17 +1024,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id82" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id82"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=dnf-automatic
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id83" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id83"><pre><code>
-[[packages]]
-name = "dnf-automatic"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id84" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id84"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_dnf-automatic
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id83" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id83"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_dnf-automatic
 
 class install_dnf-automatic {
   package { 'dnf-automatic':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id84" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id84"><pre><code>
+[[packages]]
+name = "dnf-automatic"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id85" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id85"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure dnf-automatic is installed
   package:
     name: dnf-automatic
@@ -4949,7 +4949,21 @@
 authentication to privileged accounts. Users will first login, then escalate
 to privileged (root) access via su / sudo. This is required for FISMA Low
 and FISMA Moderate systems.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_direct_root_logins</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R19)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.6</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id154" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id154"><pre><code># Remediation is applicable only in certain platforms
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R19)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.6</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id154" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id154"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,
+        mode: 0600
+        path: /etc/securetty
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id155" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id155"><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 echo &gt; /etc/securetty
@@ -4957,7 +4971,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id155" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id155"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Direct root Logins Not Allowed
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id156" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id156"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Direct root Logins Not Allowed
   copy:
     dest: /etc/securetty
     content: ''
@@ -4973,20 +4987,6 @@
     - no_direct_root_logins
     - no_reboot_needed
     - restrict_strategy
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id156" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id156"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,
-        mode: 0600
-        path: /etc/securetty
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_accounts-session" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts"><td style="padding-left: 57px" id="xccdf_org.ssgproject.content_group_accounts-session"><span class="label label-default">Group</span>  
                 Secure Session Configuration Files for Login Accounts
                           <small>Group contains 1 group and 6 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_accounts-session" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_accounts-session" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts"><td style="padding-left: 57px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_accounts-session">[ref]</a>  
@@ -6250,7 +6250,21 @@
 daily</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">Log files that are not properly rotated run the risk of growing so large
 that they fill up the /var/log partition. Valuable logging information could be lost
 if the /var/log partition becomes full.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_ensure_logrotate_activated</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R43)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT12(R18)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.7</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id187" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id187"><pre><code># Remediation is applicable only in certain platforms
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R43)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT12(R18)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.7</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id187" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id187"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ %23%20see%20%22man%20logrotate%22%20for%20details%0A%23%20rotate%20log%20files%20daily%0Adaily%0A%0A%23%20keep%204%20weeks%20worth%20of%20backlogs%0Arotate%2030%0A%0A%23%20create%20new%20%28empty%29%20log%20files%20after%20rotating%20old%20ones%0Acreate%0A%0A%23%20use%20date%20as%20a%20suffix%20of%20the%20rotated%20file%0Adateext%0A%0A%23%20uncomment%20this%20if%20you%20want%20your%20log%20files%20compressed%0A%23compress%0A%0A%23%20RPM%20packages%20drop%20log%20rotation%20information%20into%20this%20directory%0Ainclude%20/etc/logrotate.d%0A%0A%23%20system-specific%20logs%20may%20be%20also%20be%20configured%20here. }}
+        mode: 0644
+        path: /etc/logrotate.conf
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id188" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id188"><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 LOGROTATE_CONF_FILE="/etc/logrotate.conf"
@@ -6271,7 +6285,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id188" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id188"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Configure daily log rotation in /etc/logrotate.conf
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id189" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id189"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Configure daily log rotation in /etc/logrotate.conf
   lineinfile:
     create: true
     dest: /etc/logrotate.conf
@@ -6330,20 +6344,6 @@
     - low_disruption
     - medium_severity
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id189" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id189"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,{{ %23%20see%20%22man%20logrotate%22%20for%20details%0A%23%20rotate%20log%20files%20daily%0Adaily%0A%0A%23%20keep%204%20weeks%20worth%20of%20backlogs%0Arotate%2030%0A%0A%23%20create%20new%20%28empty%29%20log%20files%20after%20rotating%20old%20ones%0Acreate%0A%0A%23%20use%20date%20as%20a%20suffix%20of%20the%20rotated%20file%0Adateext%0A%0A%23%20uncomment%20this%20if%20you%20want%20your%20log%20files%20compressed%0A%23compress%0A%0A%23%20RPM%20packages%20drop%20log%20rotation%20information%20into%20this%20directory%0Ainclude%20/etc/logrotate.d%0A%0A%23%20system-specific%20logs%20may%20be%20also%20be%20configured%20here. }}
-        mode: 0644
-        path: /etc/logrotate.conf
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_rsyslog_sending_messages" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_logging"><td style="padding-left: 57px" id="xccdf_org.ssgproject.content_group_rsyslog_sending_messages"><span class="label label-default">Group</span>  
                 Rsyslog Logs Sent To Remote Host
                           <small>Group contains 3 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_rsyslog_sending_messages" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_rsyslog_sending_messages" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_logging"><td style="padding-left: 57px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_rsyslog_sending_messages">[ref]</a>  
@@ -6491,17 +6491,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id197" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id197"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rsyslog-gnutls
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id198" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id198"><pre><code>
-[[packages]]
-name = "rsyslog-gnutls"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id199" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id199"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog-gnutls
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id198" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id198"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog-gnutls
 
 class install_rsyslog-gnutls {
   package { 'rsyslog-gnutls':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id199" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id199"><pre><code>
+[[packages]]
+name = "rsyslog-gnutls"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id200" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id200"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog-gnutls is installed
   package:
     name: rsyslog-gnutls
/usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-anssi_bp28_intermediary.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-anssi_bp28_intermediary.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-anssi_bp28_intermediary.html	2022-07-15 00:00:00.000000000 +0000
@@ -136,17 +136,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id21" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id21"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id21" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id21"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -425,17 +425,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id49" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id49"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=sudo
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id50" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id50"><pre><code>
-[[packages]]
-name = "sudo"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id51" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id51"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id50" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id50"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
 
 class install_sudo {
   package { 'sudo':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id51" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id51"><pre><code>
+[[packages]]
+name = "sudo"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id52" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id52"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure sudo is installed
   package:
     name: sudo
@@ -751,17 +751,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id73" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id73"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=dnf-automatic
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id74" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id74"><pre><code>
-[[packages]]
-name = "dnf-automatic"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id75" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id75"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_dnf-automatic
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id74" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id74"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_dnf-automatic
 
 class install_dnf-automatic {
   package { 'dnf-automatic':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id75" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id75"><pre><code>
+[[packages]]
+name = "dnf-automatic"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id76" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id76"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure dnf-automatic is installed
   package:
     name: dnf-automatic
@@ -4676,7 +4676,21 @@
 authentication to privileged accounts. Users will first login, then escalate
 to privileged (root) access via su / sudo. This is required for FISMA Low
 and FISMA Moderate systems.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_direct_root_logins</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R19)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.6</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id145" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id145"><pre><code># Remediation is applicable only in certain platforms
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R19)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.6</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id145" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id145"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,
+        mode: 0600
+        path: /etc/securetty
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id146" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id146"><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 echo &gt; /etc/securetty
@@ -4684,7 +4698,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id146" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id146"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Direct root Logins Not Allowed
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id147" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id147"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Direct root Logins Not Allowed
   copy:
     dest: /etc/securetty
     content: ''
@@ -4700,20 +4714,6 @@
     - no_direct_root_logins
     - no_reboot_needed
     - restrict_strategy
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id147" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id147"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,
-        mode: 0600
-        path: /etc/securetty
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_accounts-session" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts"><td style="padding-left: 57px" id="xccdf_org.ssgproject.content_group_accounts-session"><span class="label label-default">Group</span>  
                 Secure Session Configuration Files for Login Accounts
                           <small>Group contains 2 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_accounts-session" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_accounts-session" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts"><td style="padding-left: 57px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_accounts-session">[ref]</a>  
@@ -5569,7 +5569,21 @@
 daily</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">Log files that are not properly rotated run the risk of growing so large
 that they fill up the /var/log partition. Valuable logging information could be lost
 if the /var/log partition becomes full.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_ensure_logrotate_activated</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R43)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT12(R18)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.7</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id160" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id160"><pre><code># Remediation is applicable only in certain platforms
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R43)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT12(R18)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.7</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id160" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id160"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ %23%20see%20%22man%20logrotate%22%20for%20details%0A%23%20rotate%20log%20files%20daily%0Adaily%0A%0A%23%20keep%204%20weeks%20worth%20of%20backlogs%0Arotate%2030%0A%0A%23%20create%20new%20%28empty%29%20log%20files%20after%20rotating%20old%20ones%0Acreate%0A%0A%23%20use%20date%20as%20a%20suffix%20of%20the%20rotated%20file%0Adateext%0A%0A%23%20uncomment%20this%20if%20you%20want%20your%20log%20files%20compressed%0A%23compress%0A%0A%23%20RPM%20packages%20drop%20log%20rotation%20information%20into%20this%20directory%0Ainclude%20/etc/logrotate.d%0A%0A%23%20system-specific%20logs%20may%20be%20also%20be%20configured%20here. }}
+        mode: 0644
+        path: /etc/logrotate.conf
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id161" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id161"><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 LOGROTATE_CONF_FILE="/etc/logrotate.conf"
@@ -5590,7 +5604,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id161" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id161"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Configure daily log rotation in /etc/logrotate.conf
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id162" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id162"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Configure daily log rotation in /etc/logrotate.conf
   lineinfile:
     create: true
     dest: /etc/logrotate.conf
@@ -5649,20 +5663,6 @@
     - low_disruption
     - medium_severity
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id162" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id162"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,{{ %23%20see%20%22man%20logrotate%22%20for%20details%0A%23%20rotate%20log%20files%20daily%0Adaily%0A%0A%23%20keep%204%20weeks%20worth%20of%20backlogs%0Arotate%2030%0A%0A%23%20create%20new%20%28empty%29%20log%20files%20after%20rotating%20old%20ones%0Acreate%0A%0A%23%20use%20date%20as%20a%20suffix%20of%20the%20rotated%20file%0Adateext%0A%0A%23%20uncomment%20this%20if%20you%20want%20your%20log%20files%20compressed%0A%23compress%0A%0A%23%20RPM%20packages%20drop%20log%20rotation%20information%20into%20this%20directory%0Ainclude%20/etc/logrotate.d%0A%0A%23%20system-specific%20logs%20may%20be%20also%20be%20configured%20here. }}
-        mode: 0644
-        path: /etc/logrotate.conf
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_rsyslog_sending_messages" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_logging"><td style="padding-left: 57px" id="xccdf_org.ssgproject.content_group_rsyslog_sending_messages"><span class="label label-default">Group</span>  
                 Rsyslog Logs Sent To Remote Host
                           <small>Group contains 3 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_rsyslog_sending_messages" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_rsyslog_sending_messages" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_logging"><td style="padding-left: 57px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_rsyslog_sending_messages">[ref]</a>  
@@ -5810,17 +5810,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id170" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id170"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rsyslog-gnutls
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id171" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id171"><pre><code>
-[[packages]]
-name = "rsyslog-gnutls"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id172" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id172"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog-gnutls
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id171" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id171"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog-gnutls
 
 class install_rsyslog-gnutls {
   package { 'rsyslog-gnutls':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id172" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id172"><pre><code>
+[[packages]]
+name = "rsyslog-gnutls"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id173" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id173"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog-gnutls is installed
   package:
     name: rsyslog-gnutls
/usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-anssi_bp28_minimal.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-anssi_bp28_minimal.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-anssi_bp28_minimal.html	2022-07-15 00:00:00.000000000 +0000
@@ -242,17 +242,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id25"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=dnf-automatic
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><pre><code>
-[[packages]]
-name = "dnf-automatic"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id27" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id27"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_dnf-automatic
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_dnf-automatic
 
 class install_dnf-automatic {
   package { 'dnf-automatic':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id27" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id27"><pre><code>
+[[packages]]
+name = "dnf-automatic"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id28" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id28"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure dnf-automatic is installed
   package:
     name: dnf-automatic
@@ -4156,17 +4156,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id97" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id97"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rsyslog
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id98" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id98"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id99" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id99"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id98" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id98"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id99" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id99"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id100" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id100"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
@@ -4198,10 +4198,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id103" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id103"><pre><code>
-[customizations.services]
-enabled = ["rsyslog"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id104" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id104"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id103" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id103"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
 
 class enable_rsyslog {
   service {'rsyslog':
@@ -4209,6 +4206,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id104" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id104"><pre><code>
+[customizations.services]
+enabled = ["rsyslog"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id105" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id105"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service rsyslog
   block:
 
/usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-cis.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-cis.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-cis.html	2022-07-15 00:00:00.000000000 +0000
@@ -132,17 +132,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id21" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id21"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id21" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id21"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -599,17 +599,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id54" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id54"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=sudo
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id55" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id55"><pre><code>
-[[packages]]
-name = "sudo"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id56" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id56"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id55" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id55"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
 
 class install_sudo {
   package { 'sudo':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id56" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id56"><pre><code>
+[[packages]]
+name = "sudo"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id57" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id57"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure sudo is installed
   package:
     name: sudo
@@ -25557,7 +25557,21 @@
 add the line to file <code>/etc/audit/audit.rules</code>.</div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The removal of kernel modules can be used to alter the behavior of
 the kernel and potentially introduce malicious code into kernel space. It is important
 to have an audit trail of modules that have been introduced into the kernel.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_delete</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00216</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000477-GPOS-00222</a>, <a href="">SRG-OS-000477-VMM-001970</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id232" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id232"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00216</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000477-GPOS-00222</a>, <a href="">SRG-OS-000477-VMM-001970</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id232" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id232"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20delete_module%20-k%20module-change%0A-a%20always%2Cexit%20-F%20arch%3Db64%20-S%20delete_module%20-k%20module-change%0A
+        mode: 0600
+        path: /etc/audit/rules.d/75-kernel-module-loading-delete.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id233" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id233"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # First perform the remediation of the syscall rule
@@ -25891,7 +25905,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id233" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id233"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id234" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id234"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -26189,20 +26203,6 @@
     - low_disruption
     - medium_severity
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id234" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id234"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20delete_module%20-k%20module-change%0A-a%20always%2Cexit%20-F%20arch%3Db64%20-S%20delete_module%20-k%20module-change%0A
-        mode: 0600
-        path: /etc/audit/rules.d/75-kernel-module-loading-delete.rules
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init" id="guide-tree-leaf-id235" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_audit_kernel_module_loading"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init"><span class="label label-default">Rule</span>  
                                 Ensure auditd Collects Information on Kernel Module Loading - init_module
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">To capture kernel module loading events, use following line, setting ARCH to
@@ -26219,7 +26219,21 @@
 add the line to file <code>/etc/audit/audit.rules</code>.</div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The addition of kernel modules can be used to alter the behavior of
 the kernel and potentially introduce malicious code into kernel space. It is important
 to have an audit trail of modules that have been introduced into the kernel.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00216</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000477-GPOS-00222</a>, <a href="">SRG-OS-000477-VMM-001970</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id236" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id236"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00216</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000477-GPOS-00222</a>, <a href="">SRG-OS-000477-VMM-001970</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id236" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id236"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20init_module%20-k%20module-change%0A-a%20always%2Cexit%20-F%20arch%3Db64%20-S%20init_module%20-k%20module-change%0A
+        mode: 0600
+        path: /etc/audit/rules.d/75-kernel-module-loading-init.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id237" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id237"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # First perform the remediation of the syscall rule
@@ -26553,7 +26567,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id237" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id237"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id238" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id238"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -26859,20 +26873,6 @@
     - low_disruption
     - medium_severity
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id238" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id238"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20init_module%20-k%20module-change%0A-a%20always%2Cexit%20-F%20arch%3Db64%20-S%20init_module%20-k%20module-change%0A
-        mode: 0600
-        path: /etc/audit/rules.d/75-kernel-module-loading-init.rules
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_audit_login_events" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_auditd_configure_rules"><td style="padding-left: 76px" id="xccdf_org.ssgproject.content_group_audit_login_events"><span class="label label-default">Group</span>  
                 Record Attempts to Alter Logon and Logout Events
                           <small>Group contains 2 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_audit_login_events" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_audit_login_events" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_auditd_configure_rules"><td style="padding-left: 76px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_audit_login_events">[ref]</a>  
@@ -27476,7 +27476,21 @@
 nefarious activities in log files, as well as to confuse network services that
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_adjtimex</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id246" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id246"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id246" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id246"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20adjtimex%20-k%20audit_time_rules%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20adjtimex%20-k%20audit_time_rules%0A }}
+        mode: 0600
+        path: /etc/audit/rules.d/75-syscall-adjtimex.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id247" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id247"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # Retrieve hardware architecture of the underlying system
@@ -27816,7 +27830,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id247" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id247"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id248" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id248"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -28129,20 +28143,6 @@
     - medium_severity
     - no_reboot_needed
     - restrict_strategy
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id248" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id248"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
/usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-cis_server_l1.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-cis_server_l1.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-cis_server_l1.html	2022-07-15 00:00:00.000000000 +0000
@@ -132,17 +132,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id21" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id21"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id21" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id21"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -524,17 +524,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id39" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id39"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=sudo
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id40" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id40"><pre><code>
-[[packages]]
-name = "sudo"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id41" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id41"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id40" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id40"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
 
 class install_sudo {
   package { 'sudo':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id41" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id41"><pre><code>
+[[packages]]
+name = "sudo"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id42" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id42"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure sudo is installed
   package:
     name: sudo
@@ -4465,17 +4465,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id178" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id178"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rsyslog
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id179" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id179"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id180" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id180"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id179" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id179"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id180" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id180"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id181" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id181"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
@@ -4507,10 +4507,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id184" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id184"><pre><code>
-[customizations.services]
-enabled = ["rsyslog"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id185" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id185"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id184" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id184"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
 
 class enable_rsyslog {
   service {'rsyslog':
@@ -4518,6 +4515,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id185" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id185"><pre><code>
+[customizations.services]
+enabled = ["rsyslog"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id186" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id186"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service rsyslog
   block:
 
@@ -4665,17 +4665,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id189" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id189"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=firewalld
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id190" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id190"><pre><code>
-[[packages]]
-name = "firewalld"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id191" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id191"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_firewalld
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id190" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id190"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_firewalld
 
 class install_firewalld {
   package { 'firewalld':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id191" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id191"><pre><code>
+[[packages]]
+name = "firewalld"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id192" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id192"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure firewalld is installed
   package:
     name: firewalld
@@ -4707,10 +4707,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id195" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id195"><pre><code>
-[customizations.services]
-enabled = ["firewalld"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id196" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id196"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_firewalld
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id195" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id195"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_firewalld
 
 class enable_firewalld {
   service {'firewalld':
@@ -4718,6 +4715,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id196" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id196"><pre><code>
+[customizations.services]
+enabled = ["firewalld"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id197" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id197"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service firewalld
   block:
 
@@ -4800,7 +4800,21 @@
                                 Configure Accepting Router Advertisements on All IPv6 Interfaces
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_ra">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">To set the runtime status of the <code>net.ipv6.conf.all.accept_ra</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w net.ipv6.conf.all.accept_ra=0</pre>
 To make sure that the setting is persistent, add the following line to a file in the directory <code>/etc/sysctl.d</code>: <pre>net.ipv6.conf.all.accept_ra = 0</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">An illicit router advertisement message could result in a man-in-the-middle attack.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_ra</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.20</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id200" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id200"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.20</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id200" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id200"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,net.ipv6.conf.all.accept_ra%3D0%0A
+        mode: 0644
+        path: /etc/sysctl.d/75-sysctl_net_ipv6_conf_all_accept_ra.conf
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id201" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id201"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 # Comment out any occurrences of net.ipv6.conf.all.accept_ra from /etc/sysctl.d/*.conf files
@@ -4854,7 +4868,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id201" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id201"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: List /etc/sysctl.d/*.conf files
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id202" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id202"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: List /etc/sysctl.d/*.conf files
   find:
     paths:
       - /etc/sysctl.d/
@@ -4919,7 +4933,11 @@
     - medium_severity
     - reboot_required
     - sysctl_net_ipv6_conf_all_accept_ra
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id202" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id202"><pre><code>---
+</code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects" id="guide-tree-leaf-id203" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_configuring_ipv6"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects"><span class="label label-default">Rule</span>  
+                                Disable Accepting ICMP Redirects for All IPv6 Interfaces
+                                  <a class="small" href="#xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">To set the runtime status of the <code>net.ipv6.conf.all.accept_redirects</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w net.ipv6.conf.all.accept_redirects=0</pre>
+To make sure that the setting is persistent, add the following line to a file in the directory <code>/etc/sysctl.d</code>: <pre>net.ipv6.conf.all.accept_redirects = 0</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">An illicit ICMP redirect message could result in a man-in-the-middle attack.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R22)</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.20</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001551</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6.1(iv)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id204" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id204"><pre><code>---
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
@@ -4929,15 +4947,11 @@
     storage:
       files:
       - contents:
-          source: data:,net.ipv6.conf.all.accept_ra%3D0%0A
+          source: data:,net.ipv6.conf.all.accept_redirects%3D0%0A
         mode: 0644
-        path: /etc/sysctl.d/75-sysctl_net_ipv6_conf_all_accept_ra.conf
+        path: /etc/sysctl.d/75-sysctl_net_ipv6_conf_all_accept_redirects.conf
         overwrite: true
-</code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects" id="guide-tree-leaf-id203" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_configuring_ipv6"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects"><span class="label label-default">Rule</span>  
-                                Disable Accepting ICMP Redirects for All IPv6 Interfaces
-                                  <a class="small" href="#xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">To set the runtime status of the <code>net.ipv6.conf.all.accept_redirects</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w net.ipv6.conf.all.accept_redirects=0</pre>
-To make sure that the setting is persistent, add the following line to a file in the directory <code>/etc/sysctl.d</code>: <pre>net.ipv6.conf.all.accept_redirects = 0</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">An illicit ICMP redirect message could result in a man-in-the-middle attack.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R22)</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.20</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001551</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6.1(iv)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id204" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id204"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id205" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id205"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
/usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-cis_workstation_l1.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-cis_workstation_l1.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-cis_workstation_l1.html	2022-07-15 00:00:00.000000000 +0000
@@ -132,17 +132,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id21" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id21"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id21" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id21"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -524,17 +524,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id39" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id39"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=sudo
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id40" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id40"><pre><code>
-[[packages]]
-name = "sudo"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id41" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id41"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id40" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id40"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
 
 class install_sudo {
   package { 'sudo':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id41" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id41"><pre><code>
+[[packages]]
+name = "sudo"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id42" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id42"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure sudo is installed
   package:
     name: sudo
@@ -4465,17 +4465,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id178" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id178"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rsyslog
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id179" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id179"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id180" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id180"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id179" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id179"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id180" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id180"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id181" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id181"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
@@ -4507,10 +4507,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id184" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id184"><pre><code>
-[customizations.services]
-enabled = ["rsyslog"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id185" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id185"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id184" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id184"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
 
 class enable_rsyslog {
   service {'rsyslog':
@@ -4518,6 +4515,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id185" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id185"><pre><code>
+[customizations.services]
+enabled = ["rsyslog"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id186" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id186"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service rsyslog
   block:
 
@@ -4665,17 +4665,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id189" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id189"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=firewalld
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id190" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id190"><pre><code>
-[[packages]]
-name = "firewalld"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id191" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id191"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_firewalld
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id190" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id190"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_firewalld
 
 class install_firewalld {
   package { 'firewalld':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id191" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id191"><pre><code>
+[[packages]]
+name = "firewalld"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id192" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id192"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure firewalld is installed
   package:
     name: firewalld
@@ -4707,10 +4707,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id195" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id195"><pre><code>
-[customizations.services]
-enabled = ["firewalld"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id196" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id196"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_firewalld
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id195" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id195"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_firewalld
 
 class enable_firewalld {
   service {'firewalld':
@@ -4718,6 +4715,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id196" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id196"><pre><code>
+[customizations.services]
+enabled = ["firewalld"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id197" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id197"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service firewalld
   block:
 
@@ -4800,7 +4800,21 @@
                                 Configure Accepting Router Advertisements on All IPv6 Interfaces
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_ra">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">To set the runtime status of the <code>net.ipv6.conf.all.accept_ra</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w net.ipv6.conf.all.accept_ra=0</pre>
 To make sure that the setting is persistent, add the following line to a file in the directory <code>/etc/sysctl.d</code>: <pre>net.ipv6.conf.all.accept_ra = 0</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">An illicit router advertisement message could result in a man-in-the-middle attack.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_ra</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.20</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id200" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id200"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.20</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id200" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id200"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,net.ipv6.conf.all.accept_ra%3D0%0A
+        mode: 0644
+        path: /etc/sysctl.d/75-sysctl_net_ipv6_conf_all_accept_ra.conf
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id201" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id201"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 # Comment out any occurrences of net.ipv6.conf.all.accept_ra from /etc/sysctl.d/*.conf files
@@ -4854,7 +4868,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id201" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id201"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: List /etc/sysctl.d/*.conf files
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id202" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id202"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: List /etc/sysctl.d/*.conf files
   find:
     paths:
       - /etc/sysctl.d/
@@ -4919,7 +4933,11 @@
     - medium_severity
     - reboot_required
     - sysctl_net_ipv6_conf_all_accept_ra
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id202" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id202"><pre><code>---
+</code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects" id="guide-tree-leaf-id203" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_configuring_ipv6"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects"><span class="label label-default">Rule</span>  
+                                Disable Accepting ICMP Redirects for All IPv6 Interfaces
+                                  <a class="small" href="#xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">To set the runtime status of the <code>net.ipv6.conf.all.accept_redirects</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w net.ipv6.conf.all.accept_redirects=0</pre>
+To make sure that the setting is persistent, add the following line to a file in the directory <code>/etc/sysctl.d</code>: <pre>net.ipv6.conf.all.accept_redirects = 0</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">An illicit ICMP redirect message could result in a man-in-the-middle attack.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R22)</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.20</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001551</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6.1(iv)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id204" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id204"><pre><code>---
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
@@ -4929,15 +4947,11 @@
     storage:
       files:
       - contents:
-          source: data:,net.ipv6.conf.all.accept_ra%3D0%0A
+          source: data:,net.ipv6.conf.all.accept_redirects%3D0%0A
         mode: 0644
-        path: /etc/sysctl.d/75-sysctl_net_ipv6_conf_all_accept_ra.conf
+        path: /etc/sysctl.d/75-sysctl_net_ipv6_conf_all_accept_redirects.conf
         overwrite: true
-</code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects" id="guide-tree-leaf-id203" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_configuring_ipv6"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects"><span class="label label-default">Rule</span>  
-                                Disable Accepting ICMP Redirects for All IPv6 Interfaces
-                                  <a class="small" href="#xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">To set the runtime status of the <code>net.ipv6.conf.all.accept_redirects</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w net.ipv6.conf.all.accept_redirects=0</pre>
-To make sure that the setting is persistent, add the following line to a file in the directory <code>/etc/sysctl.d</code>: <pre>net.ipv6.conf.all.accept_redirects = 0</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">An illicit ICMP redirect message could result in a man-in-the-middle attack.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R22)</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.20</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001551</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6.1(iv)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id204" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id204"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id205" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id205"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
/usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-cis_workstation_l2.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-cis_workstation_l2.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-cis_workstation_l2.html	2022-07-15 00:00:00.000000000 +0000
@@ -132,17 +132,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id21" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id21"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id21" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id21"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -599,17 +599,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id54" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id54"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=sudo
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id55" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id55"><pre><code>
-[[packages]]
-name = "sudo"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id56" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id56"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id55" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id55"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
 
 class install_sudo {
   package { 'sudo':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id56" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id56"><pre><code>
+[[packages]]
+name = "sudo"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id57" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id57"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure sudo is installed
   package:
     name: sudo
@@ -25557,7 +25557,21 @@
 add the line to file <code>/etc/audit/audit.rules</code>.</div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The removal of kernel modules can be used to alter the behavior of
 the kernel and potentially introduce malicious code into kernel space. It is important
 to have an audit trail of modules that have been introduced into the kernel.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_delete</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00216</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000477-GPOS-00222</a>, <a href="">SRG-OS-000477-VMM-001970</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id232" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id232"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00216</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000477-GPOS-00222</a>, <a href="">SRG-OS-000477-VMM-001970</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id232" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id232"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20delete_module%20-k%20module-change%0A-a%20always%2Cexit%20-F%20arch%3Db64%20-S%20delete_module%20-k%20module-change%0A
+        mode: 0600
+        path: /etc/audit/rules.d/75-kernel-module-loading-delete.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id233" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id233"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # First perform the remediation of the syscall rule
@@ -25891,7 +25905,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id233" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id233"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id234" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id234"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -26189,20 +26203,6 @@
     - low_disruption
     - medium_severity
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id234" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id234"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20delete_module%20-k%20module-change%0A-a%20always%2Cexit%20-F%20arch%3Db64%20-S%20delete_module%20-k%20module-change%0A
-        mode: 0600
-        path: /etc/audit/rules.d/75-kernel-module-loading-delete.rules
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init" id="guide-tree-leaf-id235" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_audit_kernel_module_loading"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init"><span class="label label-default">Rule</span>  
                                 Ensure auditd Collects Information on Kernel Module Loading - init_module
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">To capture kernel module loading events, use following line, setting ARCH to
@@ -26219,7 +26219,21 @@
 add the line to file <code>/etc/audit/audit.rules</code>.</div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The addition of kernel modules can be used to alter the behavior of
 the kernel and potentially introduce malicious code into kernel space. It is important
 to have an audit trail of modules that have been introduced into the kernel.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00216</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000477-GPOS-00222</a>, <a href="">SRG-OS-000477-VMM-001970</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id236" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id236"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00216</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000477-GPOS-00222</a>, <a href="">SRG-OS-000477-VMM-001970</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id236" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id236"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20init_module%20-k%20module-change%0A-a%20always%2Cexit%20-F%20arch%3Db64%20-S%20init_module%20-k%20module-change%0A
+        mode: 0600
+        path: /etc/audit/rules.d/75-kernel-module-loading-init.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id237" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id237"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # First perform the remediation of the syscall rule
@@ -26553,7 +26567,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id237" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id237"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id238" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id238"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -26859,20 +26873,6 @@
     - low_disruption
     - medium_severity
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id238" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id238"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20init_module%20-k%20module-change%0A-a%20always%2Cexit%20-F%20arch%3Db64%20-S%20init_module%20-k%20module-change%0A
-        mode: 0600
-        path: /etc/audit/rules.d/75-kernel-module-loading-init.rules
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_audit_login_events" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_auditd_configure_rules"><td style="padding-left: 76px" id="xccdf_org.ssgproject.content_group_audit_login_events"><span class="label label-default">Group</span>  
                 Record Attempts to Alter Logon and Logout Events
                           <small>Group contains 2 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_audit_login_events" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_audit_login_events" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_auditd_configure_rules"><td style="padding-left: 76px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_audit_login_events">[ref]</a>  
@@ -27476,7 +27476,21 @@
 nefarious activities in log files, as well as to confuse network services that
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_adjtimex</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id246" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id246"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id246" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id246"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20adjtimex%20-k%20audit_time_rules%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20adjtimex%20-k%20audit_time_rules%0A }}
+        mode: 0600
+        path: /etc/audit/rules.d/75-syscall-adjtimex.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id247" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id247"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # Retrieve hardware architecture of the underlying system
@@ -27816,7 +27830,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id247" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id247"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id248" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id248"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -28129,20 +28143,6 @@
     - medium_severity
     - no_reboot_needed
     - restrict_strategy
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id248" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id248"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
/usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-cui.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-cui.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-cui.html	2022-07-15 00:00:00.000000000 +0000
@@ -146,17 +146,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id21" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id21"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id21" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id21"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -252,17 +252,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id27" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id27"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=crypto-policies
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id28" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id28"><pre><code>
-[[packages]]
-name = "crypto-policies"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id29" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id29"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_crypto-policies
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id28" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id28"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_crypto-policies
 
 class install_crypto-policies {
   package { 'crypto-policies':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id29" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id29"><pre><code>
+[[packages]]
+name = "crypto-policies"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id30" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id30"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure crypto-policies is installed
   package:
     name: crypto-policies
@@ -717,17 +717,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id65" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id65"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=sudo
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id66" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id66"><pre><code>
-[[packages]]
-name = "sudo"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id67" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id67"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id66" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id66"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
 
 class install_sudo {
   package { 'sudo':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id67" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id67"><pre><code>
+[[packages]]
+name = "sudo"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id68" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id68"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure sudo is installed
   package:
     name: sudo
@@ -762,17 +762,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id71" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id71"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=gnutls-utils
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id72" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id72"><pre><code>
-[[packages]]
-name = "gnutls-utils"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id73" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id73"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_gnutls-utils
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id72" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id72"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_gnutls-utils
 
 class install_gnutls-utils {
   package { 'gnutls-utils':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id73" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id73"><pre><code>
+[[packages]]
+name = "gnutls-utils"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id74" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id74"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure gnutls-utils is installed
   package:
     name: gnutls-utils
@@ -797,17 +797,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id77" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id77"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=openscap-scanner
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id78" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id78"><pre><code>
-[[packages]]
-name = "openscap-scanner"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id79" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id79"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_openscap-scanner
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id78" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id78"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_openscap-scanner
 
 class install_openscap-scanner {
   package { 'openscap-scanner':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id79" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id79"><pre><code>
+[[packages]]
+name = "openscap-scanner"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id80" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id80"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure openscap-scanner is installed
   package:
     name: openscap-scanner
@@ -838,17 +838,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id83" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id83"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=scap-security-guide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id84" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id84"><pre><code>
-[[packages]]
-name = "scap-security-guide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id85" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id85"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_scap-security-guide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id84" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id84"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_scap-security-guide
 
 class install_scap-security-guide {
   package { 'scap-security-guide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id85" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id85"><pre><code>
+[[packages]]
+name = "scap-security-guide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id86" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id86"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure scap-security-guide is installed
   package:
     name: scap-security-guide
@@ -881,17 +881,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id89" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id89"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=subscription-manager
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id90" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id90"><pre><code>
-[[packages]]
-name = "subscription-manager"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id91" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id91"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_subscription-manager
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id90" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id90"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_subscription-manager
 
 class install_subscription-manager {
   package { 'subscription-manager':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id91" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id91"><pre><code>
+[[packages]]
+name = "subscription-manager"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id92" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id92"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure subscription-manager is installed
   package:
     name: subscription-manager
@@ -1041,17 +1041,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id109" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id109"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=dnf-automatic
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id110" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id110"><pre><code>
-[[packages]]
-name = "dnf-automatic"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id111" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id111"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_dnf-automatic
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id110" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id110"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_dnf-automatic
 
 class install_dnf-automatic {
   package { 'dnf-automatic':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id111" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id111"><pre><code>
+[[packages]]
+name = "dnf-automatic"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id112" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id112"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure dnf-automatic is installed
   package:
     name: dnf-automatic
@@ -4098,17 +4098,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id170" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id170"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=tmux
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id171" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id171"><pre><code>
-[[packages]]
-name = "tmux"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id172" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id172"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_tmux
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id171" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id171"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_tmux
 
 class install_tmux {
   package { 'tmux':
     ensure =&gt; 'installed',
/usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-e8.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-e8.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-e8.html	2022-07-15 00:00:00.000000000 +0000
@@ -795,17 +795,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id42" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id42"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rear
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id43" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id43"><pre><code>
-[[packages]]
-name = "rear"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id44" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id44"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rear
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id43" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id43"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rear
 
 class install_rear {
   package { 'rear':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id44" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id44"><pre><code>
+[[packages]]
+name = "rear"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id45" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id45"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rear is installed
   package:
     name: rear
@@ -1361,7 +1361,26 @@
 a container anyway.</div></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">If an account has an empty password, anyone could log in and
 run commands with the privileges of that account. Accounts with
 empty passwords should never be used in operational environments.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_empty_passwords</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id64" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id64"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id64" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id64"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/password-auth
+        overwrite: true
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/system-auth
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id65" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id65"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEM_AUTH="/etc/pam.d/system-auth"
@@ -1386,7 +1405,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id65" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id65"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id66" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id66"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
   ansible.builtin.stat:
     path: /usr/bin/authselect
   register: result_authselect_present
@@ -1531,25 +1550,6 @@
     - medium_disruption
     - no_empty_passwords
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id66" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id66"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/password-auth
-        overwrite: true
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/system-auth
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_root_logins" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-restrictions"><td style="padding-left: 76px" id="xccdf_org.ssgproject.content_group_root_logins"><span class="label label-default">Group</span>  
                 Restrict Root Logins
                           <small>Group contains  1 rule</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_root_logins" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_root_logins" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-restrictions"><td style="padding-left: 76px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_root_logins">[ref]</a>  
@@ -7993,7 +7993,21 @@
 nefarious activities in log files, as well as to confuse network services that
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_adjtimex</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id108" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id108"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id108" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id108"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20adjtimex%20-k%20audit_time_rules%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20adjtimex%20-k%20audit_time_rules%0A }}
+        mode: 0600
+        path: /etc/audit/rules.d/75-syscall-adjtimex.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id109" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id109"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # Retrieve hardware architecture of the underlying system
@@ -8333,7 +8347,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id109" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id109"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id110" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id110"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -8646,20 +8660,6 @@
     - medium_severity
     - no_reboot_needed
     - restrict_strategy
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id110" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id110"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20adjtimex%20-k%20audit_time_rules%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20adjtimex%20-k%20audit_time_rules%0A }}
-        mode: 0600
-        path: /etc/audit/rules.d/75-syscall-adjtimex.rules
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime" id="guide-tree-leaf-id111" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_audit_time_rules"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime"><span class="label label-default">Rule</span>  
                                 Record Attempts to Alter Time Through clock_settime
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">If the <code>auditd</code> daemon is configured to use the
@@ -8683,7 +8683,21 @@
 nefarious activities in log files, as well as to confuse network services that
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id112" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id112"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id112" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id112"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A }}
+        mode: 0600
+        path: /etc/audit/rules.d/75-syscall-clock-settime.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id113" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id113"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # First perform the remediation of the syscall rule
@@ -9011,7 +9025,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id113" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id113"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id114" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id114"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -9317,20 +9331,6 @@
     - medium_severity
     - no_reboot_needed
     - restrict_strategy
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id114" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id114"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A }}
-        mode: 0600
-        path: /etc/audit/rules.d/75-syscall-clock-settime.rules
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday" id="guide-tree-leaf-id115" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_audit_time_rules"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday"><span class="label label-default">Rule</span>  
                                 Record attempts to alter time through settimeofday
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">If the <code>auditd</code> daemon is configured to use the
@@ -9354,7 +9354,21 @@
 nefarious activities in log files, as well as to confuse network services that
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id116" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id116"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id116" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id116"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
/usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-hipaa.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-hipaa.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-hipaa.html	2022-07-15 00:00:00.000000000 +0000
@@ -1229,7 +1229,18 @@
 <pre>$ sudo systemctl mask --now debug-shell.service</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">This prevents attackers with physical access from trivially bypassing security
 on the machine through valid troubleshooting configurations and gaining root
 access when the system is rebooted.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_debug-shell_disabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id50" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id50"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id50" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id50"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    systemd:
+      units:
+      - enabled: false
+        name: debug-shell.service
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id51" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id51"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEMCTL_EXEC='/usr/bin/systemctl'
@@ -1249,9 +1260,6 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id51" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id51"><pre><code>
-[customizations.services]
-disabled = ["debug-shell"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id52" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id52"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_debug-shell
 
 class disable_debug-shell {
@@ -1260,7 +1268,10 @@
     ensure =&gt; 'stopped',
   }
 }
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id53" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id53"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service debug-shell
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id53" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id53"><pre><code>
+[customizations.services]
+disabled = ["debug-shell"]
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id54" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id54"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service debug-shell
   block:
 
     - name: Disable service debug-shell
@@ -1318,17 +1329,6 @@
     - medium_severity
     - no_reboot_needed
     - service_debug-shell_disabled
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id54" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id54"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    systemd:
-      units:
-      - enabled: false
-        name: debug-shell.service
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction" id="guide-tree-leaf-id55" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-physical"><td style="padding-left: 76px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction"><span class="label label-default">Rule</span>  
                                 Disable Ctrl-Alt-Del Burst Action
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">By default, <code>SystemD</code> will reboot the system if the <code>Ctrl-Alt-Del</code>
@@ -1346,7 +1346,21 @@
 can reboot the system. If accidentally pressed, as could happen in
 the case of mixed OS environment, this can create the risk of short-term
 loss of availability of systems due to unintentional reboot.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id56" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id56"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id56" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id56"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,CtrlAltDelBurstAction%3Dnone
+        mode: 0644
+        path: /etc/systemd/system.conf.d/disable_ctrlaltdelete_burstaction.conf
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id57" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id57"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q systemd; then
 
 # Test if the config_file is a symbolic link. If so, use --follow-symlinks with sed.
@@ -1378,20 +1392,6 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id57" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id57"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,CtrlAltDelBurstAction%3Dnone
-        mode: 0644
-        path: /etc/systemd/system.conf.d/disable_ctrlaltdelete_burstaction.conf
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_reboot" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_reboot" id="guide-tree-leaf-id58" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-physical"><td style="padding-left: 76px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_reboot"><span class="label label-default">Rule</span>  
                                 Disable Ctrl-Alt-Del Reboot Activation
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_reboot">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">By default, <code>SystemD</code> will reboot the system if the <code>Ctrl-Alt-Del</code>
@@ -1409,16 +1409,7 @@
 can reboot the system. If accidentally pressed, as could happen in
 the case of mixed OS environment, this can create the risk of short-term
 loss of availability of systems due to unintentional reboot.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_reboot</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id59" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id59"><pre><code># Remediation is applicable only in certain platforms
-if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
-
-systemctl disable --now ctrl-alt-del.target
-systemctl mask --now ctrl-alt-del.target
-
-else
-    &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
-fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id60" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id60"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+            <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id59" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id59"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
@@ -1429,6 +1420,15 @@
       units:
       - name: ctrl-alt-del.target
         mask: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id60" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id60"><pre><code># Remediation is applicable only in certain platforms
+if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
+
+systemctl disable --now ctrl-alt-del.target
+systemctl mask --now ctrl-alt-del.target
+
+else
+    &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
+fi
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_grub2_disable_interactive_boot" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_grub2_disable_interactive_boot" id="guide-tree-leaf-id61" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-physical"><td style="padding-left: 76px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_grub2_disable_interactive_boot"><span class="label label-default">Rule</span>  
                                 Verify that Interactive Boot is Disabled
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_grub2_disable_interactive_boot">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">Red Hat Enterprise Linux 9 systems support an "interactive boot" option that can
@@ -1653,7 +1653,26 @@
 a container anyway.</div></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">If an account has an empty password, anyone could log in and
 run commands with the privileges of that account. Accounts with
 empty passwords should never be used in operational environments.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_empty_passwords</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id68" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id68"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id68" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id68"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/password-auth
+        overwrite: true
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/system-auth
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id69" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id69"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEM_AUTH="/etc/pam.d/system-auth"
@@ -1678,7 +1697,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id69" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id69"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id70" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id70"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
   ansible.builtin.stat:
     path: /usr/bin/authselect
   register: result_authselect_present
@@ -1823,25 +1842,6 @@
     - medium_disruption
     - no_empty_passwords
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id70" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id70"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/password-auth
-        overwrite: true
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/system-auth
-        overwrite: true
/usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-ism_o.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-ism_o.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-ism_o.html	2022-07-15 00:00:00.000000000 +0000
@@ -435,17 +435,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id27" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id27"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id28" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id28"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id29" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id29"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id28" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id28"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id29" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id29"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id30" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id30"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -651,17 +651,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id40" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id40"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=sudo
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id41" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id41"><pre><code>
-[[packages]]
-name = "sudo"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id42" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id42"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id41" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id41"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
 
 class install_sudo {
   package { 'sudo':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id42" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id42"><pre><code>
+[[packages]]
+name = "sudo"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id43" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id43"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure sudo is installed
   package:
     name: sudo
@@ -922,17 +922,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id55" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id55"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rear
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id56" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id56"><pre><code>
-[[packages]]
-name = "rear"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id57" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id57"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rear
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id56" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id56"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rear
 
 class install_rear {
   package { 'rear':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id57" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id57"><pre><code>
+[[packages]]
+name = "rear"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id58" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id58"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rear is installed
   package:
     name: rear
@@ -3715,7 +3715,26 @@
 a container anyway.</div></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">If an account has an empty password, anyone could log in and
 run commands with the privileges of that account. Accounts with
 empty passwords should never be used in operational environments.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_empty_passwords</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id111" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id111"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id111" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id111"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/password-auth
+        overwrite: true
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/system-auth
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id112" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id112"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEM_AUTH="/etc/pam.d/system-auth"
@@ -3740,7 +3759,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id112" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id112"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id113" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id113"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
   ansible.builtin.stat:
     path: /usr/bin/authselect
   register: result_authselect_present
@@ -3885,25 +3904,6 @@
     - medium_disruption
     - no_empty_passwords
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id113" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id113"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/password-auth
-        overwrite: true
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/system-auth
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_root_logins" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-restrictions"><td style="padding-left: 76px" id="xccdf_org.ssgproject.content_group_root_logins"><span class="label label-default">Group</span>  
                 Restrict Root Logins
                           <small>Group contains 2 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_root_logins" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_root_logins" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-restrictions"><td style="padding-left: 76px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_root_logins">[ref]</a>  
@@ -11487,7 +11487,21 @@
 nefarious activities in log files, as well as to confuse network services that
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_adjtimex</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id161" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id161"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id161" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id161"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20adjtimex%20-k%20audit_time_rules%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20adjtimex%20-k%20audit_time_rules%0A }}
+        mode: 0600
+        path: /etc/audit/rules.d/75-syscall-adjtimex.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id162" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id162"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # Retrieve hardware architecture of the underlying system
@@ -11827,7 +11841,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id162" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id162"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id163" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id163"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -12140,20 +12154,6 @@
     - medium_severity
     - no_reboot_needed
     - restrict_strategy
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id163" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id163"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20adjtimex%20-k%20audit_time_rules%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20adjtimex%20-k%20audit_time_rules%0A }}
-        mode: 0600
-        path: /etc/audit/rules.d/75-syscall-adjtimex.rules
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime" id="guide-tree-leaf-id164" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_audit_time_rules"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime"><span class="label label-default">Rule</span>  
                                 Record Attempts to Alter Time Through clock_settime
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">If the <code>auditd</code> daemon is configured to use the
@@ -12177,7 +12177,21 @@
 nefarious activities in log files, as well as to confuse network services that
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id165" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id165"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id165" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id165"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
/usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-ospp.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-ospp.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-ospp.html	2022-07-15 00:00:00.000000000 +0000
@@ -136,17 +136,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id21" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id21"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id21" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id21"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -242,17 +242,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id27" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id27"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=crypto-policies
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id28" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id28"><pre><code>
-[[packages]]
-name = "crypto-policies"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id29" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id29"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_crypto-policies
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id28" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id28"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_crypto-policies
 
 class install_crypto-policies {
   package { 'crypto-policies':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id29" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id29"><pre><code>
+[[packages]]
+name = "crypto-policies"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id30" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id30"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure crypto-policies is installed
   package:
     name: crypto-policies
@@ -707,17 +707,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id65" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id65"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=sudo
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id66" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id66"><pre><code>
-[[packages]]
-name = "sudo"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id67" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id67"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id66" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id66"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
 
 class install_sudo {
   package { 'sudo':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id67" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id67"><pre><code>
+[[packages]]
+name = "sudo"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id68" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id68"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure sudo is installed
   package:
     name: sudo
@@ -752,17 +752,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id71" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id71"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=gnutls-utils
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id72" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id72"><pre><code>
-[[packages]]
-name = "gnutls-utils"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id73" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id73"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_gnutls-utils
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id72" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id72"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_gnutls-utils
 
 class install_gnutls-utils {
   package { 'gnutls-utils':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id73" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id73"><pre><code>
+[[packages]]
+name = "gnutls-utils"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id74" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id74"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure gnutls-utils is installed
   package:
     name: gnutls-utils
@@ -787,17 +787,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id77" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id77"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=openscap-scanner
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id78" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id78"><pre><code>
-[[packages]]
-name = "openscap-scanner"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id79" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id79"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_openscap-scanner
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id78" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id78"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_openscap-scanner
 
 class install_openscap-scanner {
   package { 'openscap-scanner':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id79" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id79"><pre><code>
+[[packages]]
+name = "openscap-scanner"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id80" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id80"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure openscap-scanner is installed
   package:
     name: openscap-scanner
@@ -828,17 +828,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id83" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id83"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=scap-security-guide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id84" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id84"><pre><code>
-[[packages]]
-name = "scap-security-guide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id85" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id85"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_scap-security-guide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id84" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id84"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_scap-security-guide
 
 class install_scap-security-guide {
   package { 'scap-security-guide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id85" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id85"><pre><code>
+[[packages]]
+name = "scap-security-guide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id86" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id86"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure scap-security-guide is installed
   package:
     name: scap-security-guide
@@ -871,17 +871,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id89" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id89"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=subscription-manager
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id90" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id90"><pre><code>
-[[packages]]
-name = "subscription-manager"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id91" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id91"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_subscription-manager
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id90" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id90"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_subscription-manager
 
 class install_subscription-manager {
   package { 'subscription-manager':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id91" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id91"><pre><code>
+[[packages]]
+name = "subscription-manager"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id92" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id92"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure subscription-manager is installed
   package:
     name: subscription-manager
@@ -1031,17 +1031,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id109" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id109"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=dnf-automatic
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id110" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id110"><pre><code>
-[[packages]]
-name = "dnf-automatic"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id111" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id111"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_dnf-automatic
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id110" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id110"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_dnf-automatic
 
 class install_dnf-automatic {
   package { 'dnf-automatic':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id111" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id111"><pre><code>
+[[packages]]
+name = "dnf-automatic"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id112" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id112"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure dnf-automatic is installed
   package:
     name: dnf-automatic
@@ -4088,17 +4088,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id170" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id170"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=tmux
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id171" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id171"><pre><code>
-[[packages]]
-name = "tmux"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id172" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id172"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_tmux
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id171" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id171"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_tmux
 
 class install_tmux {
   package { 'tmux':
     ensure =&gt; 'installed',
/usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-pci-dss.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-pci-dss.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-pci-dss.html	2022-07-15 00:00:00.000000000 +0000
@@ -305,17 +305,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id24" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id24"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id25"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id25"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id27" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id27"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -4347,17 +4347,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id117" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id117"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=opensc
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id118" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id118"><pre><code>
-[[packages]]
-name = "opensc"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id119" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id119"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_opensc
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id118" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id118"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_opensc
 
 class install_opensc {
   package { 'opensc':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id119" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id119"><pre><code>
+[[packages]]
+name = "opensc"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id120" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id120"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure opensc is installed
   package:
     name: opensc
@@ -4389,17 +4389,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id123" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id123"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=pcsc-lite
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id124" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id124"><pre><code>
-[[packages]]
-name = "pcsc-lite"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id125" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id125"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_pcsc-lite
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id124" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id124"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_pcsc-lite
 
 class install_pcsc-lite {
   package { 'pcsc-lite':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id125" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id125"><pre><code>
+[[packages]]
+name = "pcsc-lite"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id126" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id126"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure pcsc-lite is installed
   package:
     name: pcsc-lite
@@ -4438,10 +4438,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id129" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id129"><pre><code>
-[customizations.services]
-enabled = ["pcscd"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id130" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id130"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_pcscd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id129" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id129"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_pcscd
 
 class enable_pcscd {
   service {'pcscd':
@@ -4449,6 +4446,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id130" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id130"><pre><code>
+[customizations.services]
+enabled = ["pcscd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id131" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id131"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service pcscd
   block:
 
@@ -4830,7 +4830,26 @@
 a container anyway.</div></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">If an account has an empty password, anyone could log in and
 run commands with the privileges of that account. Accounts with
 empty passwords should never be used in operational environments.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_empty_passwords</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id146" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id146"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id146" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id146"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/password-auth
+        overwrite: true
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/system-auth
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id147" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id147"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEM_AUTH="/etc/pam.d/system-auth"
@@ -4855,7 +4874,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id147" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id147"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id148" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id148"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
   ansible.builtin.stat:
     path: /usr/bin/authselect
   register: result_authselect_present
@@ -5000,25 +5019,6 @@
     - medium_disruption
     - no_empty_passwords
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id148" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id148"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/password-auth
-        overwrite: true
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/system-auth
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_auditing" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_system"><td style="padding-left: 38px" id="xccdf_org.ssgproject.content_group_auditing"><span class="label label-default">Group</span>  
                 System Accounting with auditd
                           <small>Group contains 9 groups and 57 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_auditing" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_auditing" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_system"><td style="padding-left: 38px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_auditing">[ref]</a>  
@@ -28626,7 +28626,21 @@
 add the line to file <code>/etc/audit/audit.rules</code>.</div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The removal of kernel modules can be used to alter the behavior of
 the kernel and potentially introduce malicious code into kernel space. It is important
 to have an audit trail of modules that have been introduced into the kernel.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_delete</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00216</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000477-GPOS-00222</a>, <a href="">SRG-OS-000477-VMM-001970</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id222" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id222"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00216</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000477-GPOS-00222</a>, <a href="">SRG-OS-000477-VMM-001970</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id222" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id222"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20delete_module%20-k%20module-change%0A-a%20always%2Cexit%20-F%20arch%3Db64%20-S%20delete_module%20-k%20module-change%0A
+        mode: 0600
+        path: /etc/audit/rules.d/75-kernel-module-loading-delete.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id223" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id223"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # First perform the remediation of the syscall rule
@@ -28960,7 +28974,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id223" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id223"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id224" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id224"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -29258,20 +29272,6 @@
     - low_disruption
     - medium_severity
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id224" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id224"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
/usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-stig.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-stig.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-stig.html	2022-07-15 00:00:00.000000000 +0000
@@ -142,17 +142,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id21" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id21"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id21" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id21"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -3349,17 +3349,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id121" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id121"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rng-tools
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id122" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id122"><pre><code>
-[[packages]]
-name = "rng-tools"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id123" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id123"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rng-tools
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id122" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id122"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rng-tools
 
 class install_rng-tools {
   package { 'rng-tools':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id123" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id123"><pre><code>
+[[packages]]
+name = "rng-tools"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id124" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id124"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rng-tools is installed
   package:
     name: rng-tools
@@ -8563,17 +8563,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id235" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id235"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=tmux
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id236" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id236"><pre><code>
-[[packages]]
-name = "tmux"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id237" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id237"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_tmux
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id236" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id236"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_tmux
 
 class install_tmux {
   package { 'tmux':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id237" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id237"><pre><code>
+[[packages]]
+name = "tmux"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id238" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id238"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure tmux is installed
   package:
     name: tmux
@@ -8741,17 +8741,7 @@
 <code>/etc/shells</code>.</div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">Not listing <code>tmux</code> among permitted shells
 prevents malicious program running as user
 from lowering security by disabling the screen lock.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">low</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_tmux_in_shells</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://public.cyber.mil/stigs/cci/">CCI-000056</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_SMF_EXT.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000028-GPOS-00009</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id248" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id248"><pre><code># Remediation is applicable only in certain platforms
-if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
-
-if grep -q 'tmux\s*$' /etc/shells ; then
-	sed -i '/tmux\s*$/d' /etc/shells
-fi
-
-else
-    &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
-fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id249" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id249"><pre><code>---
+            <a href="https://public.cyber.mil/stigs/cci/">CCI-000056</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_SMF_EXT.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000028-GPOS-00009</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id248" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id248"><pre><code>---
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
@@ -8765,6 +8755,16 @@
         mode: 0644
         path: /etc/shells
         overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id249" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id249"><pre><code># Remediation is applicable only in certain platforms
+if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
+
+if grep -q 'tmux\s*$' /etc/shells ; then
+	sed -i '/tmux\s*$/d' /etc/shells
+fi
+
+else
+    &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
+fi
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_smart_card_login" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_screen_locking"><td style="padding-left: 95px" id="xccdf_org.ssgproject.content_group_smart_card_login"><span class="label label-default">Group</span>  
                 Hardware Tokens for Authentication
                           <small>Group contains 2 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_smart_card_login" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_smart_card_login" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_screen_locking"><td style="padding-left: 95px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_smart_card_login">[ref]</a>  
@@ -8800,17 +8800,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id252" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id252"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=opensc
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id253" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id253"><pre><code>
-[[packages]]
-name = "opensc"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id254" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id254"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_opensc
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id253" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id253"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_opensc
 
 class install_opensc {
   package { 'opensc':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id254" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id254"><pre><code>
+[[packages]]
+name = "opensc"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id255" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id255"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure opensc is installed
   package:
     name: opensc
@@ -8853,17 +8853,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id258" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id258"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=openssl-pkcs11
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id259" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id259"><pre><code>
-[[packages]]
-name = "openssl-pkcs11"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id260" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id260"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_openssl-pkcs11
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id259" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id259"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_openssl-pkcs11
 
 class install_openssl-pkcs11 {
   package { 'openssl-pkcs11':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id260" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id260"><pre><code>
+[[packages]]
+name = "openssl-pkcs11"
+version = "*"
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_service_debug-shell_disabled" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_service_debug-shell_disabled" id="guide-tree-leaf-id261" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-physical"><td style="padding-left: 76px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_service_debug-shell_disabled"><span class="label label-default">Rule</span>  
                                 Disable debug-shell SystemD Service
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_service_debug-shell_disabled">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">SystemD's <code>debug-shell</code> service is intended to
@@ -8879,7 +8879,18 @@
 <pre>$ sudo systemctl mask --now debug-shell.service</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">This prevents attackers with physical access from trivially bypassing security
 on the machine through valid troubleshooting configurations and gaining root
 access when the system is rebooted.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_debug-shell_disabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id262" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id262"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id262" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id262"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    systemd:
+      units:
+      - enabled: false
+        name: debug-shell.service
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id263" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id263"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEMCTL_EXEC='/usr/bin/systemctl'
@@ -8899,9 +8910,6 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id263" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id263"><pre><code>
-[customizations.services]
-disabled = ["debug-shell"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id264" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id264"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_debug-shell
 
 class disable_debug-shell {
@@ -8910,7 +8918,10 @@
     ensure =&gt; 'stopped',
   }
 }
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id265" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id265"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service debug-shell
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id265" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id265"><pre><code>
+[customizations.services]
+disabled = ["debug-shell"]
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id266" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id266"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service debug-shell
   block:
 
     - name: Disable service debug-shell
@@ -8968,17 +8979,6 @@
     - medium_severity
     - no_reboot_needed
     - service_debug-shell_disabled
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id266" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id266"><pre><code>---
/usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-stig_gui.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-stig_gui.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-cs9-guide-stig_gui.html	2022-07-15 00:00:00.000000000 +0000
@@ -148,17 +148,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id21" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id21"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id21" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id21"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -3355,17 +3355,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id121" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id121"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rng-tools
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id122" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id122"><pre><code>
-[[packages]]
-name = "rng-tools"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id123" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id123"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rng-tools
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id122" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id122"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rng-tools
 
 class install_rng-tools {
   package { 'rng-tools':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id123" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id123"><pre><code>
+[[packages]]
+name = "rng-tools"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id124" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id124"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rng-tools is installed
   package:
     name: rng-tools
@@ -8569,17 +8569,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id235" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id235"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=tmux
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id236" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id236"><pre><code>
-[[packages]]
-name = "tmux"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id237" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id237"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_tmux
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id236" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id236"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_tmux
 
 class install_tmux {
   package { 'tmux':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id237" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id237"><pre><code>
+[[packages]]
+name = "tmux"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id238" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id238"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure tmux is installed
   package:
     name: tmux
@@ -8747,17 +8747,7 @@
 <code>/etc/shells</code>.</div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">Not listing <code>tmux</code> among permitted shells
 prevents malicious program running as user
 from lowering security by disabling the screen lock.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">low</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_tmux_in_shells</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://public.cyber.mil/stigs/cci/">CCI-000056</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_SMF_EXT.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000028-GPOS-00009</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id248" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id248"><pre><code># Remediation is applicable only in certain platforms
-if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
-
-if grep -q 'tmux\s*$' /etc/shells ; then
-	sed -i '/tmux\s*$/d' /etc/shells
-fi
-
-else
-    &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
-fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id249" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id249"><pre><code>---
+            <a href="https://public.cyber.mil/stigs/cci/">CCI-000056</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_SMF_EXT.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000028-GPOS-00009</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id248" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id248"><pre><code>---
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
@@ -8771,6 +8761,16 @@
         mode: 0644
         path: /etc/shells
         overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id249" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id249"><pre><code># Remediation is applicable only in certain platforms
+if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
+
+if grep -q 'tmux\s*$' /etc/shells ; then
+	sed -i '/tmux\s*$/d' /etc/shells
+fi
+
+else
+    &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
+fi
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_smart_card_login" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_screen_locking"><td style="padding-left: 95px" id="xccdf_org.ssgproject.content_group_smart_card_login"><span class="label label-default">Group</span>  
                 Hardware Tokens for Authentication
                           <small>Group contains 2 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_smart_card_login" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_smart_card_login" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_screen_locking"><td style="padding-left: 95px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_smart_card_login">[ref]</a>  
@@ -8806,17 +8806,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id252" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id252"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=opensc
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id253" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id253"><pre><code>
-[[packages]]
-name = "opensc"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id254" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id254"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_opensc
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id253" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id253"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_opensc
 
 class install_opensc {
   package { 'opensc':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id254" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id254"><pre><code>
+[[packages]]
+name = "opensc"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id255" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id255"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure opensc is installed
   package:
     name: opensc
@@ -8859,17 +8859,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id258" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id258"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=openssl-pkcs11
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id259" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id259"><pre><code>
-[[packages]]
-name = "openssl-pkcs11"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id260" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id260"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_openssl-pkcs11
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id259" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id259"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_openssl-pkcs11
 
 class install_openssl-pkcs11 {
   package { 'openssl-pkcs11':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id260" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id260"><pre><code>
+[[packages]]
+name = "openssl-pkcs11"
+version = "*"
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_service_debug-shell_disabled" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_service_debug-shell_disabled" id="guide-tree-leaf-id261" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-physical"><td style="padding-left: 76px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_service_debug-shell_disabled"><span class="label label-default">Rule</span>  
                                 Disable debug-shell SystemD Service
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_service_debug-shell_disabled">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">SystemD's <code>debug-shell</code> service is intended to
@@ -8885,7 +8885,18 @@
 <pre>$ sudo systemctl mask --now debug-shell.service</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">This prevents attackers with physical access from trivially bypassing security
 on the machine through valid troubleshooting configurations and gaining root
 access when the system is rebooted.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_debug-shell_disabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id262" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id262"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id262" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id262"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    systemd:
+      units:
+      - enabled: false
+        name: debug-shell.service
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id263" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id263"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEMCTL_EXEC='/usr/bin/systemctl'
@@ -8905,9 +8916,6 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id263" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id263"><pre><code>
-[customizations.services]
-disabled = ["debug-shell"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id264" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id264"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_debug-shell
 
 class disable_debug-shell {
@@ -8916,7 +8924,10 @@
     ensure =&gt; 'stopped',
   }
 }
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id265" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id265"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service debug-shell
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id265" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id265"><pre><code>
+[customizations.services]
+disabled = ["debug-shell"]
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id266" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id266"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service debug-shell
   block:
 
     - name: Disable service debug-shell
@@ -8974,17 +8985,6 @@
     - medium_severity
     - no_reboot_needed
     - service_debug-shell_disabled
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id266" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id266"><pre><code>---
/usr/share/doc/scap-security-guide/guides/ssg-fedora-guide-ospp.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-fedora-guide-ospp.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-fedora-guide-ospp.html	2022-07-15 00:00:00.000000000 +0000
@@ -2079,17 +2079,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id65" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id65"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=dnf-automatic
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id66" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id66"><pre><code>
-[[packages]]
-name = "dnf-automatic"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id67" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id67"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_dnf-automatic
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id66" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id66"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_dnf-automatic
 
 class install_dnf-automatic {
   package { 'dnf-automatic':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id67" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id67"><pre><code>
+[[packages]]
+name = "dnf-automatic"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id68" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id68"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure dnf-automatic is installed
   package:
     name: dnf-automatic
@@ -5093,17 +5093,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id130" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id130"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=screen
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id131" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id131"><pre><code>
-[[packages]]
-name = "screen"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id132" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id132"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_screen
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id131" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id131"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_screen
 
 class install_screen {
   package { 'screen':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id132" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id132"><pre><code>
+[[packages]]
+name = "screen"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id133" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id133"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure screen is installed
   package:
     name: screen
@@ -5133,7 +5133,18 @@
 <pre>$ sudo systemctl mask --now debug-shell.service</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">This prevents attackers with physical access from trivially bypassing security
 on the machine through valid troubleshooting configurations and gaining root
 access when the system is rebooted.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_debug-shell_disabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id135" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id135"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id135" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id135"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    systemd:
+      units:
+      - enabled: false
+        name: debug-shell.service
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id136" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id136"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEMCTL_EXEC='/usr/bin/systemctl'
@@ -5153,9 +5164,6 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id136" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id136"><pre><code>
-[customizations.services]
-disabled = ["debug-shell"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id137" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id137"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_debug-shell
 
 class disable_debug-shell {
@@ -5164,7 +5172,10 @@
     ensure =&gt; 'stopped',
   }
 }
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id138" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id138"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service debug-shell
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id138" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id138"><pre><code>
+[customizations.services]
+disabled = ["debug-shell"]
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id139" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id139"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service debug-shell
   block:
 
     - name: Disable service debug-shell
@@ -5222,17 +5233,6 @@
     - medium_severity
     - no_reboot_needed
     - service_debug-shell_disabled
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id139" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id139"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    systemd:
-      units:
-      - enabled: false
-        name: debug-shell.service
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_grub2_disable_interactive_boot" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_grub2_disable_interactive_boot" id="guide-tree-leaf-id140" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-physical"><td style="padding-left: 76px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_grub2_disable_interactive_boot"><span class="label label-default">Rule</span>  
                                 Verify that Interactive Boot is Disabled
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_grub2_disable_interactive_boot">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">Fedora systems support an "interactive boot" option that can
@@ -5561,7 +5561,26 @@
 a container anyway.</div></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">If an account has an empty password, anyone could log in and
 run commands with the privileges of that account. Accounts with
 empty passwords should never be used in operational environments.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_empty_passwords</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id150" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id150"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id150" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id150"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/password-auth
+        overwrite: true
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/system-auth
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id151" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id151"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEM_AUTH="/etc/pam.d/system-auth"
@@ -5586,7 +5605,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id151" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id151"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id152" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id152"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
   ansible.builtin.stat:
     path: /usr/bin/authselect
   register: result_authselect_present
@@ -5731,25 +5750,6 @@
     - medium_disruption
     - no_empty_passwords
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id152" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id152"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/password-auth
-        overwrite: true
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/system-auth
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_accounts-session" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts"><td style="padding-left: 57px" id="xccdf_org.ssgproject.content_group_accounts-session"><span class="label label-default">Group</span>  
                 Secure Session Configuration Files for Login Accounts
                           <small>Group contains  1 rule</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_accounts-session" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_accounts-session" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts"><td style="padding-left: 57px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_accounts-session">[ref]</a>  
@@ -50634,7 +50634,21 @@
 add the line to file <code>/etc/audit/audit.rules</code>.</div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The removal of kernel modules can be used to alter the behavior of
 the kernel and potentially introduce malicious code into kernel space. It is important
 to have an audit trail of modules that have been introduced into the kernel.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_delete</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00216</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000477-GPOS-00222</a>, <a href="">SRG-OS-000477-VMM-001970</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id310" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id310"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00216</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000477-GPOS-00222</a>, <a href="">SRG-OS-000477-VMM-001970</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id310" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id310"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20delete_module%20-k%20module-change%0A-a%20always%2Cexit%20-F%20arch%3Db64%20-S%20delete_module%20-k%20module-change%0A
+        mode: 0600
+        path: /etc/audit/rules.d/75-kernel-module-loading-delete.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id311" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id311"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # First perform the remediation of the syscall rule
@@ -50968,20 +50982,6 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id311" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id311"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
/usr/share/doc/scap-security-guide/guides/ssg-fedora-guide-pci-dss.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-fedora-guide-pci-dss.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-fedora-guide-pci-dss.html	2022-07-15 00:00:00.000000000 +0000
@@ -426,17 +426,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id12" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id12"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id13" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id13"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id14" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id14"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id13" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id13"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id14" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id14"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id15" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id15"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -4323,17 +4323,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id101" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id101"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=opensc
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id102" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id102"><pre><code>
-[[packages]]
-name = "opensc"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id103" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id103"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_opensc
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id102" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id102"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_opensc
 
 class install_opensc {
   package { 'opensc':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id103" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id103"><pre><code>
+[[packages]]
+name = "opensc"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id104" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id104"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure opensc is installed
   package:
     name: opensc
@@ -4365,17 +4365,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id107" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id107"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=pcsc-lite
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id108" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id108"><pre><code>
-[[packages]]
-name = "pcsc-lite"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id109" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id109"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_pcsc-lite
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id108" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id108"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_pcsc-lite
 
 class install_pcsc-lite {
   package { 'pcsc-lite':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id109" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id109"><pre><code>
+[[packages]]
+name = "pcsc-lite"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id110" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id110"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure pcsc-lite is installed
   package:
     name: pcsc-lite
@@ -4414,10 +4414,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id113" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id113"><pre><code>
-[customizations.services]
-enabled = ["pcscd"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id114" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id114"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_pcscd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id113" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id113"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_pcscd
 
 class enable_pcscd {
   service {'pcscd':
@@ -4425,6 +4422,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id114" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id114"><pre><code>
+[customizations.services]
+enabled = ["pcscd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id115" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id115"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service pcscd
   block:
 
@@ -4925,7 +4925,26 @@
 a container anyway.</div></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">If an account has an empty password, anyone could log in and
 run commands with the privileges of that account. Accounts with
 empty passwords should never be used in operational environments.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_empty_passwords</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id132" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id132"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id132" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id132"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/password-auth
+        overwrite: true
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/system-auth
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id133" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id133"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEM_AUTH="/etc/pam.d/system-auth"
@@ -4950,7 +4969,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id133" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id133"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id134" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id134"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
   ansible.builtin.stat:
     path: /usr/bin/authselect
   register: result_authselect_present
@@ -5095,25 +5114,6 @@
     - medium_disruption
     - no_empty_passwords
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id134" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id134"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/password-auth
-        overwrite: true
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/system-auth
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_auditing" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_system"><td style="padding-left: 38px" id="xccdf_org.ssgproject.content_group_auditing"><span class="label label-default">Group</span>  
                 System Accounting with auditd
                           <small>Group contains 9 groups and 57 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_auditing" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_auditing" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_system"><td style="padding-left: 38px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_auditing">[ref]</a>  
@@ -25239,7 +25239,21 @@
 add the line to file <code>/etc/audit/audit.rules</code>.</div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The removal of kernel modules can be used to alter the behavior of
 the kernel and potentially introduce malicious code into kernel space. It is important
 to have an audit trail of modules that have been introduced into the kernel.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_delete</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00216</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000477-GPOS-00222</a>, <a href="">SRG-OS-000477-VMM-001970</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id208" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id208"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00216</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000477-GPOS-00222</a>, <a href="">SRG-OS-000477-VMM-001970</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id208" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id208"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20delete_module%20-k%20module-change%0A-a%20always%2Cexit%20-F%20arch%3Db64%20-S%20delete_module%20-k%20module-change%0A
+        mode: 0600
+        path: /etc/audit/rules.d/75-kernel-module-loading-delete.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id209" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id209"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # First perform the remediation of the syscall rule
@@ -25573,20 +25587,6 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id209" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id209"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20delete_module%20-k%20module-change%0A-a%20always%2Cexit%20-F%20arch%3Db64%20-S%20delete_module%20-k%20module-change%0A
-        mode: 0600
-        path: /etc/audit/rules.d/75-kernel-module-loading-delete.rules
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_finit" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_finit" id="guide-tree-leaf-id210" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_audit_kernel_module_loading"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_finit"><span class="label label-default">Rule</span>  
                                 Ensure auditd Collects Information on Kernel Module Loading and Unloading - finit_module
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_finit">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program
/usr/share/doc/scap-security-guide/guides/ssg-fedora-guide-standard.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-fedora-guide-standard.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-fedora-guide-standard.html	2022-07-15 00:00:00.000000000 +0000
@@ -1772,7 +1772,26 @@
 a container anyway.</div></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">If an account has an empty password, anyone could log in and
 run commands with the privileges of that account. Accounts with
 empty passwords should never be used in operational environments.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_empty_passwords</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id55" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id55"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id55" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id55"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/password-auth
+        overwrite: true
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/system-auth
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id56" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id56"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEM_AUTH="/etc/pam.d/system-auth"
@@ -1797,7 +1816,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id56" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id56"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id57" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id57"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
   ansible.builtin.stat:
     path: /usr/bin/authselect
   register: result_authselect_present
@@ -1942,25 +1961,6 @@
     - medium_disruption
     - no_empty_passwords
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id57" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id57"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/password-auth
-        overwrite: true
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/system-auth
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_no_netrc_files" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_no_netrc_files" id="guide-tree-leaf-id58" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_password_storage"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_no_netrc_files"><span class="label label-default">Rule</span>  
                                 Verify No netrc Files Exist
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_no_netrc_files">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">The <code>.netrc</code> files contain login information
@@ -2024,7 +2024,21 @@
 authentication to privileged accounts. Users will first login, then escalate
 to privileged (root) access via su / sudo. This is required for FISMA Low
 and FISMA Moderate systems.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_direct_root_logins</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R19)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.6</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id62" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id62"><pre><code># Remediation is applicable only in certain platforms
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R19)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.6</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id62" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id62"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,
+        mode: 0600
+        path: /etc/securetty
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id63" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id63"><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 echo &gt; /etc/securetty
@@ -2032,7 +2046,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id63" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id63"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Direct root Logins Not Allowed
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id64" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id64"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Direct root Logins Not Allowed
   copy:
     dest: /etc/securetty
     content: ''
@@ -2048,20 +2062,6 @@
     - no_direct_root_logins
     - no_reboot_needed
     - restrict_strategy
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id64" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id64"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,
-        mode: 0600
-        path: /etc/securetty
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_restrict_serial_port_logins" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_restrict_serial_port_logins" id="guide-tree-leaf-id65" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_root_logins"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_restrict_serial_port_logins"><span class="label label-default">Rule</span>  
                                 Restrict Serial Port Root Logins
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_restrict_serial_port_logins">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">To restrict root logins on serial ports,
@@ -12823,7 +12823,21 @@
 nefarious activities in log files, as well as to confuse network services that
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_adjtimex</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id123" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id123"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id123" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id123"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20adjtimex%20-k%20audit_time_rules%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20adjtimex%20-k%20audit_time_rules%0A }}
+        mode: 0600
+        path: /etc/audit/rules.d/75-syscall-adjtimex.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id124" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id124"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # Retrieve hardware architecture of the underlying system
@@ -13163,7 +13177,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id124" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id124"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id125" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id125"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -13476,20 +13490,6 @@
     - medium_severity
     - no_reboot_needed
     - restrict_strategy
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id125" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id125"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20adjtimex%20-k%20audit_time_rules%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20adjtimex%20-k%20audit_time_rules%0A }}
-        mode: 0600
-        path: /etc/audit/rules.d/75-syscall-adjtimex.rules
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime" id="guide-tree-leaf-id126" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_audit_time_rules"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime"><span class="label label-default">Rule</span>  
                                 Record Attempts to Alter Time Through clock_settime
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">If the <code>auditd</code> daemon is configured to use the
@@ -13513,7 +13513,21 @@
 nefarious activities in log files, as well as to confuse network services that
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id127" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id127"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id127" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id127"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A }}
+        mode: 0600
+        path: /etc/audit/rules.d/75-syscall-clock-settime.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id128" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id128"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # First perform the remediation of the syscall rule
@@ -13841,7 +13855,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id128" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id128"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id129" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id129"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
/usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-anssi_nt28_enhanced.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-anssi_nt28_enhanced.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-anssi_nt28_enhanced.html	2022-07-15 00:00:00.000000000 +0000
@@ -127,17 +127,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id17" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id17"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id18" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id18"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id18" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id18"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -416,17 +416,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id46" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id46"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=sudo
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id47" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id47"><pre><code>
-[[packages]]
-name = "sudo"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id48" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id48"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id47" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id47"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
 
 class install_sudo {
   package { 'sudo':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id48" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id48"><pre><code>
+[[packages]]
+name = "sudo"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id49" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id49"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure sudo is installed
   package:
     name: sudo
@@ -6205,17 +6205,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id179" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id179"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rsyslog
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id180" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id180"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id181" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id181"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id180" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id180"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id181" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id181"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id182" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id182"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
@@ -6247,10 +6247,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id185" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id185"><pre><code>
-[customizations.services]
-enabled = ["rsyslog"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id186" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id186"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id185" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id185"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
 
 class enable_rsyslog {
   service {'rsyslog':
@@ -6258,6 +6255,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id186" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id186"><pre><code>
+[customizations.services]
+enabled = ["rsyslog"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id187" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id187"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service rsyslog
   block:
 
@@ -15143,17 +15143,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id438" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id438"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=chrony
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id439" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id439"><pre><code>
-[[packages]]
-name = "chrony"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id440" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id440"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_chrony
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id439" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id439"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_chrony
 
 class install_chrony {
   package { 'chrony':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id440" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id440"><pre><code>
+[[packages]]
+name = "chrony"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id441" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id441"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure chrony is installed
   package:
     name: chrony
/usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-anssi_nt28_high.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-anssi_nt28_high.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-anssi_nt28_high.html	2022-07-15 00:00:00.000000000 +0000
@@ -127,17 +127,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id17" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id17"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id18" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id18"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id18" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id18"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -738,17 +738,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id56" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id56"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=sudo
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id57" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id57"><pre><code>
-[[packages]]
-name = "sudo"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id58" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id58"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id57" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id57"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
 
 class install_sudo {
   package { 'sudo':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id58" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id58"><pre><code>
+[[packages]]
+name = "sudo"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id59" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id59"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure sudo is installed
   package:
     name: sudo
@@ -6629,17 +6629,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id193" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id193"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rsyslog
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id194" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id194"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id195" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id195"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id194" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id194"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id195" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id195"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id196" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id196"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
@@ -6671,10 +6671,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id199" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id199"><pre><code>
-[customizations.services]
-enabled = ["rsyslog"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id200" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id200"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id199" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id199"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
 
 class enable_rsyslog {
   service {'rsyslog':
@@ -6682,6 +6679,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id200" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id200"><pre><code>
+[customizations.services]
+enabled = ["rsyslog"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id201" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id201"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service rsyslog
   block:
 
@@ -16009,17 +16009,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id482" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id482"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=chrony
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id483" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id483"><pre><code>
-[[packages]]
-name = "chrony"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id484" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id484"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_chrony
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id483" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id483"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_chrony
 
 class install_chrony {
   package { 'chrony':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id484" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id484"><pre><code>
+[[packages]]
+name = "chrony"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id485" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id485"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure chrony is installed
   package:
     name: chrony
/usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-anssi_nt28_intermediary.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-anssi_nt28_intermediary.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-anssi_nt28_intermediary.html	2022-07-15 00:00:00.000000000 +0000
@@ -127,17 +127,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id17" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id17"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id18" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id18"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id18" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id18"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -416,17 +416,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id46" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id46"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=sudo
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id47" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id47"><pre><code>
-[[packages]]
-name = "sudo"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id48" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id48"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id47" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id47"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
 
 class install_sudo {
   package { 'sudo':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id48" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id48"><pre><code>
+[[packages]]
+name = "sudo"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id49" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id49"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure sudo is installed
   package:
     name: sudo
@@ -5839,17 +5839,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id165" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id165"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rsyslog
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id166" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id166"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id167" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id167"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id166" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id166"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id167" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id167"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id168" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id168"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
@@ -5881,10 +5881,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id171" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id171"><pre><code>
-[customizations.services]
-enabled = ["rsyslog"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id172" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id172"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id171" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id171"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
 
 class enable_rsyslog {
   service {'rsyslog':
@@ -5892,6 +5889,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id172" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id172"><pre><code>
+[customizations.services]
+enabled = ["rsyslog"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id173" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id173"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service rsyslog
   block:
 
@@ -14604,17 +14604,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id419" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id419"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=chrony
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id420" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id420"><pre><code>
-[[packages]]
-name = "chrony"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id421" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id421"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_chrony
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id420" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id420"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_chrony
 
 class install_chrony {
   package { 'chrony':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id421" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id421"><pre><code>
+[[packages]]
+name = "chrony"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id422" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id422"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure chrony is installed
   package:
     name: chrony
/usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-anssi_nt28_minimal.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-anssi_nt28_minimal.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-anssi_nt28_minimal.html	2022-07-15 00:00:00.000000000 +0000
@@ -3955,17 +3955,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id81" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id81"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rsyslog
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id82" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id82"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id83" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id83"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id82" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id82"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id83" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id83"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id84" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id84"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
@@ -3997,10 +3997,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id87" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id87"><pre><code>
-[customizations.services]
-enabled = ["rsyslog"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id88" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id88"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id87" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id87"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
 
 class enable_rsyslog {
   service {'rsyslog':
@@ -4008,6 +4005,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id88" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id88"><pre><code>
+[customizations.services]
+enabled = ["rsyslog"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id89" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id89"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service rsyslog
   block:
 
/usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-cjis.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-cjis.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-cjis.html	2022-07-15 00:00:00.000000000 +0000
@@ -438,17 +438,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id23" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id23"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id24" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id24"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id25"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id24" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id24"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id25"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -2810,7 +2810,26 @@
 a container anyway.</div></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">If an account has an empty password, anyone could log in and
 run commands with the privileges of that account. Accounts with
 empty passwords should never be used in operational environments.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_empty_passwords</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">OL07-00-010290</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-221687r809141_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id89" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id89"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">OL07-00-010290</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-221687r809141_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id89" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id89"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/password-auth
+        overwrite: true
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/system-auth
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id90" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id90"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEM_AUTH="/etc/pam.d/system-auth"
@@ -2835,7 +2854,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id90" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id90"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id91" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id91"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
   ansible.builtin.stat:
     path: /usr/bin/authselect
   register: result_authselect_present
@@ -2986,25 +3005,6 @@
     - medium_disruption
     - no_empty_passwords
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id91" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id91"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/password-auth
-        overwrite: true
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/system-auth
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_accounts-session" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts"><td style="padding-left: 57px" id="xccdf_org.ssgproject.content_group_accounts-session"><span class="label label-default">Group</span>  
                 Secure Session Configuration Files for Login Accounts
                           <small>Group contains  1 rule</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_accounts-session" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_accounts-session" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts"><td style="padding-left: 57px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_accounts-session">[ref]</a>  
@@ -23458,7 +23458,18 @@
 Additionally, a properly configured audit subsystem ensures that actions of
 individual system users can be uniquely traced to those users so they
 can be held accountable for their actions.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_auditd_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000131</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000132</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000133</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000134</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000154</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000158</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001464</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001876</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(g)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-4(23)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a>, <a href="">SRG-OS-000037-VMM-000150</a>, <a href="">SRG-OS-000063-VMM-000310</a>, <a href="">SRG-OS-000038-VMM-000160</a>, <a href="">SRG-OS-000039-VMM-000170</a>, <a href="">SRG-OS-000040-VMM-000180</a>, <a href="">SRG-OS-000041-VMM-000190</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">OL07-00-030000</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-221764r603260_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id207" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id207"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000131</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000132</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000133</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000134</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000154</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000158</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001464</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001876</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(g)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-4(23)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a>, <a href="">SRG-OS-000037-VMM-000150</a>, <a href="">SRG-OS-000063-VMM-000310</a>, <a href="">SRG-OS-000038-VMM-000160</a>, <a href="">SRG-OS-000039-VMM-000170</a>, <a href="">SRG-OS-000040-VMM-000180</a>, <a href="">SRG-OS-000041-VMM-000190</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">OL07-00-030000</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-221764r603260_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id207" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id207"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    systemd:
+      units:
+      - name: auditd.service
+        enabled: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id208" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id208"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ] &amp;&amp; { rpm --quiet -q audit; }; then
 
 SYSTEMCTL_EXEC='/usr/bin/systemctl'
@@ -23469,9 +23480,6 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id208" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id208"><pre><code>
-[customizations.services]
-enabled = ["auditd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id209" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id209"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
 
 class enable_auditd {
@@ -23480,7 +23488,10 @@
     ensure =&gt; 'running',
   }
 }
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id210" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id210"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id210" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id210"><pre><code>
+[customizations.services]
+enabled = ["auditd"]
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id211" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id211"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -23546,17 +23557,6 @@
     - medium_severity
     - no_reboot_needed
     - service_auditd_enabled
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id211" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id211"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    systemd:
-      units:
-      - name: auditd.service
-        enabled: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_grub2_audit_argument" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_grub2_audit_argument" id="guide-tree-leaf-id212" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_auditing"><td style="padding-left: 57px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_grub2_audit_argument"><span class="label label-default">Rule</span>  
                                 Enable Auditing for Processes Which Start Prior to the Audit Daemon
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_grub2_audit_argument">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">To ensure all processes can be audited, even those which start
@@ -23940,10 +23940,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id224" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id224"><pre><code>
-[customizations.services]
-enabled = ["firewalld"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id225" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id225"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_firewalld
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id224" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id224"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_firewalld
 
 class enable_firewalld {
   service {'firewalld':
@@ -23951,6 +23948,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id225" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id225"><pre><code>
+[customizations.services]
+enabled = ["firewalld"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id226" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id226"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service firewalld
   block:
 
/usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-cui.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-cui.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-cui.html	2022-07-15 00:00:00.000000000 +0000
@@ -3512,17 +3512,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id72" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id72"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=screen
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id73" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id73"><pre><code>
-[[packages]]
-name = "screen"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id74" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id74"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_screen
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id73" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id73"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_screen
 
 class install_screen {
   package { 'screen':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id74" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id74"><pre><code>
+[[packages]]
+name = "screen"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id75" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id75"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure screen is installed
   package:
     name: screen
@@ -3573,10 +3573,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id78" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id78"><pre><code>
-[customizations.services]
-disabled = ["debug-shell"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id79" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id79"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_debug-shell
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id78" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id78"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_debug-shell
 
 class disable_debug-shell {
   service {'debug-shell':
@@ -3584,6 +3581,9 @@
     ensure =&gt; 'stopped',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id79" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id79"><pre><code>
+[customizations.services]
+disabled = ["debug-shell"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id80" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id80"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service debug-shell
   block:
 
@@ -4098,7 +4098,26 @@
 a container anyway.</div></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">If an account has an empty password, anyone could log in and
 run commands with the privileges of that account. Accounts with
 empty passwords should never be used in operational environments.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_empty_passwords</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">OL07-00-010290</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-221687r809141_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id97" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id97"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">OL07-00-010290</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-221687r809141_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id97" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id97"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/password-auth
+        overwrite: true
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/system-auth
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id98" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id98"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEM_AUTH="/etc/pam.d/system-auth"
@@ -4123,7 +4142,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id98" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id98"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id99" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id99"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
   ansible.builtin.stat:
     path: /usr/bin/authselect
   register: result_authselect_present
@@ -4274,25 +4293,6 @@
     - medium_disruption
     - no_empty_passwords
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id99" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id99"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/password-auth
-        overwrite: true
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/system-auth
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_root_logins" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-restrictions"><td style="padding-left: 76px" id="xccdf_org.ssgproject.content_group_root_logins"><span class="label label-default">Group</span>  
                 Restrict Root Logins
                           <small>Group contains  1 rule</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_root_logins" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_root_logins" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-restrictions"><td style="padding-left: 76px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_root_logins">[ref]</a>  
@@ -4887,7 +4887,18 @@
 Additionally, a properly configured audit subsystem ensures that actions of
 individual system users can be uniquely traced to those users so they
 can be held accountable for their actions.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_auditd_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000131</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000132</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000133</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000134</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000154</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000158</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001464</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001876</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(g)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-4(23)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a>, <a href="">SRG-OS-000037-VMM-000150</a>, <a href="">SRG-OS-000063-VMM-000310</a>, <a href="">SRG-OS-000038-VMM-000160</a>, <a href="">SRG-OS-000039-VMM-000170</a>, <a href="">SRG-OS-000040-VMM-000180</a>, <a href="">SRG-OS-000041-VMM-000190</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">OL07-00-030000</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-221764r603260_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id121" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id121"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000131</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000132</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000133</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000134</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000154</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000158</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001464</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001876</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(g)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-4(23)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a>, <a href="">SRG-OS-000037-VMM-000150</a>, <a href="">SRG-OS-000063-VMM-000310</a>, <a href="">SRG-OS-000038-VMM-000160</a>, <a href="">SRG-OS-000039-VMM-000170</a>, <a href="">SRG-OS-000040-VMM-000180</a>, <a href="">SRG-OS-000041-VMM-000190</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">OL07-00-030000</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-221764r603260_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id121" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id121"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    systemd:
+      units:
+      - name: auditd.service
+        enabled: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id122" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id122"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ] &amp;&amp; { rpm --quiet -q audit; }; then
 
 SYSTEMCTL_EXEC='/usr/bin/systemctl'
@@ -4898,9 +4909,6 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id122" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id122"><pre><code>
-[customizations.services]
-enabled = ["auditd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id123" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id123"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
 
 class enable_auditd {
@@ -4909,7 +4917,10 @@
     ensure =&gt; 'running',
   }
 }
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id124" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id124"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id124" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id124"><pre><code>
+[customizations.services]
+enabled = ["auditd"]
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id125" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id125"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -4975,17 +4986,6 @@
     - medium_severity
     - no_reboot_needed
     - service_auditd_enabled
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id125" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id125"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    systemd:
-      units:
-      - name: auditd.service
-        enabled: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_grub2_audit_argument" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_grub2_audit_argument" id="guide-tree-leaf-id126" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_auditing"><td style="padding-left: 57px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_grub2_audit_argument"><span class="label label-default">Rule</span>  
                                 Enable Auditing for Processes Which Start Prior to the Audit Daemon
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_grub2_audit_argument">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">To ensure all processes can be audited, even those which start
@@ -5498,10 +5498,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id141" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id141"><pre><code>
-[customizations.services]
-enabled = ["firewalld"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id142" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id142"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_firewalld
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id141" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id141"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_firewalld
 
 class enable_firewalld {
   service {'firewalld':
@@ -5509,6 +5506,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id142" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id142"><pre><code>
+[customizations.services]
+enabled = ["firewalld"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id143" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id143"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service firewalld
   block:
 
@@ -8905,10 +8905,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id227" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id227"><pre><code>
-[customizations.services]
-disabled = ["autofs"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id228" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id228"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_autofs
/usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-e8.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-e8.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-e8.html	2022-07-15 00:00:00.000000000 +0000
@@ -793,17 +793,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id35" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id35"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rear
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id36" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id36"><pre><code>
-[[packages]]
-name = "rear"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id37" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id37"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rear
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id36" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id36"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rear
 
 class install_rear {
   package { 'rear':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id37" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id37"><pre><code>
+[[packages]]
+name = "rear"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id38" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id38"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rear is installed
   package:
     name: rear
@@ -1232,7 +1232,26 @@
 a container anyway.</div></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">If an account has an empty password, anyone could log in and
 run commands with the privileges of that account. Accounts with
 empty passwords should never be used in operational environments.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_empty_passwords</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">OL07-00-010290</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-221687r809141_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id54" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id54"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">OL07-00-010290</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-221687r809141_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id54" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id54"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/password-auth
+        overwrite: true
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/system-auth
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id55" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id55"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEM_AUTH="/etc/pam.d/system-auth"
@@ -1257,7 +1276,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id55" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id55"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id56" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id56"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
   ansible.builtin.stat:
     path: /usr/bin/authselect
   register: result_authselect_present
@@ -1408,25 +1427,6 @@
     - medium_disruption
     - no_empty_passwords
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id56" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id56"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/password-auth
-        overwrite: true
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/system-auth
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_root_logins" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-restrictions"><td style="padding-left: 76px" id="xccdf_org.ssgproject.content_group_root_logins"><span class="label label-default">Group</span>  
                 Restrict Root Logins
                           <small>Group contains  1 rule</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_root_logins" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_root_logins" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-restrictions"><td style="padding-left: 76px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_root_logins">[ref]</a>  
@@ -14311,7 +14311,18 @@
 Additionally, a properly configured audit subsystem ensures that actions of
 individual system users can be uniquely traced to those users so they
 can be held accountable for their actions.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_auditd_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000131</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000132</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000133</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000134</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000154</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000158</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001464</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001876</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(g)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-4(23)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a>, <a href="">SRG-OS-000037-VMM-000150</a>, <a href="">SRG-OS-000063-VMM-000310</a>, <a href="">SRG-OS-000038-VMM-000160</a>, <a href="">SRG-OS-000039-VMM-000170</a>, <a href="">SRG-OS-000040-VMM-000180</a>, <a href="">SRG-OS-000041-VMM-000190</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">OL07-00-030000</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-221764r603260_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id139" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id139"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000131</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000132</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000133</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000134</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000154</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000158</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001464</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001876</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(g)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-4(23)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a>, <a href="">SRG-OS-000037-VMM-000150</a>, <a href="">SRG-OS-000063-VMM-000310</a>, <a href="">SRG-OS-000038-VMM-000160</a>, <a href="">SRG-OS-000039-VMM-000170</a>, <a href="">SRG-OS-000040-VMM-000180</a>, <a href="">SRG-OS-000041-VMM-000190</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">OL07-00-030000</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-221764r603260_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id139" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id139"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    systemd:
+      units:
+      - name: auditd.service
+        enabled: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id140" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id140"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ] &amp;&amp; { rpm --quiet -q audit; }; then
 
 SYSTEMCTL_EXEC='/usr/bin/systemctl'
@@ -14322,9 +14333,6 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id140" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id140"><pre><code>
-[customizations.services]
-enabled = ["auditd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id141" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id141"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
 
 class enable_auditd {
@@ -14333,7 +14341,10 @@
     ensure =&gt; 'running',
   }
 }
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id142" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id142"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id142" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id142"><pre><code>
+[customizations.services]
+enabled = ["auditd"]
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id143" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id143"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -14399,17 +14410,6 @@
     - medium_severity
     - no_reboot_needed
     - service_auditd_enabled
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id143" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id143"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    systemd:
-      units:
-      - name: auditd.service
-        enabled: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_logging" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_system"><td style="padding-left: 38px" id="xccdf_org.ssgproject.content_group_logging"><span class="label label-default">Group</span>  
                 Configure Syslog
                           <small>Group contains 2 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_logging" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_logging" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_system"><td style="padding-left: 38px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_logging">[ref]</a>  
@@ -14444,17 +14444,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id146" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id146"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rsyslog
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id147" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id147"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id148" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id148"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id147" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id147"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id148" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id148"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id149" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id149"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
@@ -14486,10 +14486,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id152" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id152"><pre><code>
-[customizations.services]
-enabled = ["rsyslog"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id153" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id153"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id152" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id152"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
 
 class enable_rsyslog {
   service {'rsyslog':
@@ -14497,6 +14494,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id153" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id153"><pre><code>
+[customizations.services]
+enabled = ["rsyslog"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id154" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id154"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service rsyslog
   block:
 
@@ -14644,17 +14644,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id157" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id157"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=firewalld
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id158" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id158"><pre><code>
-[[packages]]
-name = "firewalld"
/usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-hipaa.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-hipaa.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-hipaa.html	2022-07-15 00:00:00.000000000 +0000
@@ -1145,10 +1145,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id43" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id43"><pre><code>
-[customizations.services]
-disabled = ["debug-shell"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id44" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id44"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_debug-shell
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id43" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id43"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_debug-shell
 
 class disable_debug-shell {
   service {'debug-shell':
@@ -1156,6 +1153,9 @@
     ensure =&gt; 'stopped',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id44" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id44"><pre><code>
+[customizations.services]
+disabled = ["debug-shell"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id45" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id45"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service debug-shell
   block:
 
@@ -1566,7 +1566,26 @@
 a container anyway.</div></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">If an account has an empty password, anyone could log in and
 run commands with the privileges of that account. Accounts with
 empty passwords should never be used in operational environments.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_empty_passwords</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">OL07-00-010290</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-221687r809141_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id59" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id59"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">OL07-00-010290</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-221687r809141_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id59" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id59"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/password-auth
+        overwrite: true
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/system-auth
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id60" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id60"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEM_AUTH="/etc/pam.d/system-auth"
@@ -1591,7 +1610,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id60" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id60"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id61" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id61"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
   ansible.builtin.stat:
     path: /usr/bin/authselect
   register: result_authselect_present
@@ -1742,25 +1761,6 @@
     - medium_disruption
     - no_empty_passwords
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id61" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id61"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/password-auth
-        overwrite: true
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/system-auth
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_root_logins" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-restrictions"><td style="padding-left: 76px" id="xccdf_org.ssgproject.content_group_root_logins"><span class="label label-default">Group</span>  
                 Restrict Root Logins
                           <small>Group contains 3 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_root_logins" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_root_logins" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-restrictions"><td style="padding-left: 76px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_root_logins">[ref]</a>  
@@ -43310,7 +43310,18 @@
 Additionally, a properly configured audit subsystem ensures that actions of
 individual system users can be uniquely traced to those users so they
 can be held accountable for their actions.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_auditd_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000131</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000132</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000133</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000134</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000154</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000158</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001464</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001876</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(g)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-4(23)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a>, <a href="">SRG-OS-000037-VMM-000150</a>, <a href="">SRG-OS-000063-VMM-000310</a>, <a href="">SRG-OS-000038-VMM-000160</a>, <a href="">SRG-OS-000039-VMM-000170</a>, <a href="">SRG-OS-000040-VMM-000180</a>, <a href="">SRG-OS-000041-VMM-000190</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">OL07-00-030000</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-221764r603260_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id276" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id276"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000131</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000132</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000133</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000134</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000154</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000158</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001464</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001876</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(g)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-4(23)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a>, <a href="">SRG-OS-000037-VMM-000150</a>, <a href="">SRG-OS-000063-VMM-000310</a>, <a href="">SRG-OS-000038-VMM-000160</a>, <a href="">SRG-OS-000039-VMM-000170</a>, <a href="">SRG-OS-000040-VMM-000180</a>, <a href="">SRG-OS-000041-VMM-000190</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">OL07-00-030000</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-221764r603260_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id276" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id276"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    systemd:
+      units:
+      - name: auditd.service
+        enabled: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id277" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id277"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ] &amp;&amp; { rpm --quiet -q audit; }; then
 
 SYSTEMCTL_EXEC='/usr/bin/systemctl'
@@ -43321,9 +43332,6 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id277" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id277"><pre><code>
-[customizations.services]
-enabled = ["auditd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id278" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id278"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
 
 class enable_auditd {
@@ -43332,7 +43340,10 @@
     ensure =&gt; 'running',
   }
 }
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id279" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id279"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id279" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id279"><pre><code>
+[customizations.services]
+enabled = ["auditd"]
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id280" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id280"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -43398,17 +43409,6 @@
     - medium_severity
     - no_reboot_needed
     - service_auditd_enabled
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id280" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id280"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    systemd:
-      units:
-      - name: auditd.service
-        enabled: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_grub2_audit_argument" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_grub2_audit_argument" id="guide-tree-leaf-id281" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_auditing"><td style="padding-left: 57px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_grub2_audit_argument"><span class="label label-default">Rule</span>  
                                 Enable Auditing for Processes Which Start Prior to the Audit Daemon
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_grub2_audit_argument">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">To ensure all processes can be audited, even those which start
@@ -43992,10 +43992,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id302" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id302"><pre><code>
-[customizations.services]
-disabled = ["autofs"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id303" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id303"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_autofs
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id302" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id302"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_autofs
 
 class disable_autofs {
   service {'autofs':
@@ -44003,6 +44000,9 @@
     ensure =&gt; 'stopped',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id303" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id303"><pre><code>
+[customizations.services]
+disabled = ["autofs"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id304" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id304"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service autofs
   block:
 
@@ -44985,10 +44985,7 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id338" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id338"><pre><code>
 kdump --disable
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id339" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id339"><pre><code>
-[customizations.services]
-disabled = ["kdump"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id340" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id340"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_kdump
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id339" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id339"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_kdump
 
 class disable_kdump {
   service {'kdump':
@@ -44996,6 +44993,9 @@
     ensure =&gt; 'stopped',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id340" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id340"><pre><code>
+[customizations.services]
+disabled = ["kdump"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id341" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id341"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service kdump
   block:
 
@@ -45087,10 +45087,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id344" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id344"><pre><code>
-[customizations.services]
-enabled = ["crond"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id345" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id345"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_crond
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id344" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id344"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_crond
/usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-ospp.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-ospp.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-ospp.html	2022-07-15 00:00:00.000000000 +0000
@@ -3503,17 +3503,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id72" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id72"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=screen
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id73" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id73"><pre><code>
-[[packages]]
-name = "screen"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id74" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id74"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_screen
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id73" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id73"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_screen
 
 class install_screen {
   package { 'screen':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id74" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id74"><pre><code>
+[[packages]]
+name = "screen"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id75" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id75"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure screen is installed
   package:
     name: screen
@@ -3564,10 +3564,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id78" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id78"><pre><code>
-[customizations.services]
-disabled = ["debug-shell"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id79" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id79"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_debug-shell
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id78" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id78"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_debug-shell
 
 class disable_debug-shell {
   service {'debug-shell':
@@ -3575,6 +3572,9 @@
     ensure =&gt; 'stopped',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id79" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id79"><pre><code>
+[customizations.services]
+disabled = ["debug-shell"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id80" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id80"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service debug-shell
   block:
 
@@ -4089,7 +4089,26 @@
 a container anyway.</div></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">If an account has an empty password, anyone could log in and
 run commands with the privileges of that account. Accounts with
 empty passwords should never be used in operational environments.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_empty_passwords</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">OL07-00-010290</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-221687r809141_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id97" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id97"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">OL07-00-010290</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-221687r809141_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id97" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id97"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/password-auth
+        overwrite: true
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/system-auth
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id98" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id98"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEM_AUTH="/etc/pam.d/system-auth"
@@ -4114,7 +4133,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id98" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id98"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id99" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id99"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
   ansible.builtin.stat:
     path: /usr/bin/authselect
   register: result_authselect_present
@@ -4265,25 +4284,6 @@
     - medium_disruption
     - no_empty_passwords
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id99" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id99"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/password-auth
-        overwrite: true
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/system-auth
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_root_logins" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-restrictions"><td style="padding-left: 76px" id="xccdf_org.ssgproject.content_group_root_logins"><span class="label label-default">Group</span>  
                 Restrict Root Logins
                           <small>Group contains  1 rule</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_root_logins" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_root_logins" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-restrictions"><td style="padding-left: 76px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_root_logins">[ref]</a>  
@@ -4878,7 +4878,18 @@
 Additionally, a properly configured audit subsystem ensures that actions of
 individual system users can be uniquely traced to those users so they
 can be held accountable for their actions.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_auditd_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000131</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000132</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000133</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000134</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000154</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000158</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001464</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001876</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(g)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-4(23)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a>, <a href="">SRG-OS-000037-VMM-000150</a>, <a href="">SRG-OS-000063-VMM-000310</a>, <a href="">SRG-OS-000038-VMM-000160</a>, <a href="">SRG-OS-000039-VMM-000170</a>, <a href="">SRG-OS-000040-VMM-000180</a>, <a href="">SRG-OS-000041-VMM-000190</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">OL07-00-030000</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-221764r603260_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id121" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id121"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000131</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000132</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000133</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000134</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000154</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000158</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001464</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001876</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(g)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-4(23)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a>, <a href="">SRG-OS-000037-VMM-000150</a>, <a href="">SRG-OS-000063-VMM-000310</a>, <a href="">SRG-OS-000038-VMM-000160</a>, <a href="">SRG-OS-000039-VMM-000170</a>, <a href="">SRG-OS-000040-VMM-000180</a>, <a href="">SRG-OS-000041-VMM-000190</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">OL07-00-030000</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-221764r603260_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id121" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id121"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    systemd:
+      units:
+      - name: auditd.service
+        enabled: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id122" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id122"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ] &amp;&amp; { rpm --quiet -q audit; }; then
 
 SYSTEMCTL_EXEC='/usr/bin/systemctl'
@@ -4889,9 +4900,6 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id122" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id122"><pre><code>
-[customizations.services]
-enabled = ["auditd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id123" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id123"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
 
 class enable_auditd {
@@ -4900,7 +4908,10 @@
     ensure =&gt; 'running',
   }
 }
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id124" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id124"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id124" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id124"><pre><code>
+[customizations.services]
+enabled = ["auditd"]
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id125" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id125"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -4966,17 +4977,6 @@
     - medium_severity
     - no_reboot_needed
     - service_auditd_enabled
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id125" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id125"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    systemd:
-      units:
-      - name: auditd.service
-        enabled: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_grub2_audit_argument" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_grub2_audit_argument" id="guide-tree-leaf-id126" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_auditing"><td style="padding-left: 57px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_grub2_audit_argument"><span class="label label-default">Rule</span>  
                                 Enable Auditing for Processes Which Start Prior to the Audit Daemon
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_grub2_audit_argument">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">To ensure all processes can be audited, even those which start
@@ -5489,10 +5489,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id141" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id141"><pre><code>
-[customizations.services]
-enabled = ["firewalld"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id142" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id142"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_firewalld
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id141" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id141"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_firewalld
 
 class enable_firewalld {
   service {'firewalld':
@@ -5500,6 +5497,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id142" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id142"><pre><code>
+[customizations.services]
+enabled = ["firewalld"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id143" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id143"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service firewalld
   block:
 
@@ -8896,10 +8896,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id227" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id227"><pre><code>
-[customizations.services]
-disabled = ["autofs"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id228" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id228"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_autofs
/usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-pci-dss.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-pci-dss.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-pci-dss.html	2022-07-15 00:00:00.000000000 +0000
@@ -434,17 +434,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id23" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id23"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id24" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id24"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id25"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id24" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id24"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id25"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -4479,7 +4479,26 @@
 a container anyway.</div></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">If an account has an empty password, anyone could log in and
 run commands with the privileges of that account. Accounts with
 empty passwords should never be used in operational environments.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_empty_passwords</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">OL07-00-010290</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-221687r809141_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id110" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id110"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">OL07-00-010290</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-221687r809141_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id110" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id110"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/password-auth
+        overwrite: true
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/system-auth
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id111" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id111"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEM_AUTH="/etc/pam.d/system-auth"
@@ -4504,7 +4523,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id111" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id111"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id112" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id112"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
   ansible.builtin.stat:
     path: /usr/bin/authselect
   register: result_authselect_present
@@ -4655,25 +4674,6 @@
     - medium_disruption
     - no_empty_passwords
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id112" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id112"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/password-auth
-        overwrite: true
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/system-auth
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_auditing" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_system"><td style="padding-left: 38px" id="xccdf_org.ssgproject.content_group_auditing"><span class="label label-default">Group</span>  
                 System Accounting with auditd
                           <small>Group contains 9 groups and 41 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_auditing" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_auditing" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_system"><td style="padding-left: 38px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_auditing">[ref]</a>  
@@ -25004,7 +25004,18 @@
 Additionally, a properly configured audit subsystem ensures that actions of
 individual system users can be uniquely traced to those users so they
 can be held accountable for their actions.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_auditd_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000131</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000132</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000133</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000134</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000154</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000158</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001464</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001876</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(g)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-4(23)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a>, <a href="">SRG-OS-000037-VMM-000150</a>, <a href="">SRG-OS-000063-VMM-000310</a>, <a href="">SRG-OS-000038-VMM-000160</a>, <a href="">SRG-OS-000039-VMM-000170</a>, <a href="">SRG-OS-000040-VMM-000180</a>, <a href="">SRG-OS-000041-VMM-000190</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">OL07-00-030000</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-221764r603260_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id225" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id225"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000131</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000132</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000133</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000134</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000154</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000158</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001464</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001876</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(g)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-4(23)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a>, <a href="">SRG-OS-000037-VMM-000150</a>, <a href="">SRG-OS-000063-VMM-000310</a>, <a href="">SRG-OS-000038-VMM-000160</a>, <a href="">SRG-OS-000039-VMM-000170</a>, <a href="">SRG-OS-000040-VMM-000180</a>, <a href="">SRG-OS-000041-VMM-000190</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">OL07-00-030000</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-221764r603260_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id225" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id225"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    systemd:
+      units:
+      - name: auditd.service
+        enabled: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id226" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id226"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ] &amp;&amp; { rpm --quiet -q audit; }; then
 
 SYSTEMCTL_EXEC='/usr/bin/systemctl'
@@ -25015,9 +25026,6 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id226" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id226"><pre><code>
-[customizations.services]
-enabled = ["auditd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id227" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id227"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
 
 class enable_auditd {
@@ -25026,7 +25034,10 @@
     ensure =&gt; 'running',
   }
 }
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id228" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id228"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id228" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id228"><pre><code>
+[customizations.services]
+enabled = ["auditd"]
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id229" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id229"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -25092,17 +25103,6 @@
     - medium_severity
     - no_reboot_needed
     - service_auditd_enabled
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id229" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id229"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    systemd:
-      units:
-      - name: auditd.service
-        enabled: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_grub2_audit_argument" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_grub2_audit_argument" id="guide-tree-leaf-id230" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_auditing"><td style="padding-left: 57px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_grub2_audit_argument"><span class="label label-default">Rule</span>  
                                 Enable Auditing for Processes Which Start Prior to the Audit Daemon
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_grub2_audit_argument">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">To ensure all processes can be audited, even those which start
@@ -25790,17 +25790,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id255" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id255"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=libreswan
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id256" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id256"><pre><code>
-[[packages]]
-name = "libreswan"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id257" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id257"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_libreswan
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id256" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id256"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_libreswan
 
 class install_libreswan {
   package { 'libreswan':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id257" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id257"><pre><code>
+[[packages]]
+name = "libreswan"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id258" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id258"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure libreswan is installed
   package:
     name: libreswan
/usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-sap.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-sap.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-sap.html	2022-07-15 00:00:00.000000000 +0000
@@ -100,17 +100,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id17" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id17"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=glibc
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id18" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id18"><pre><code>
-[[packages]]
-name = "glibc"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_glibc
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id18" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id18"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_glibc
 
 class install_glibc {
   package { 'glibc':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><pre><code>
+[[packages]]
+name = "glibc"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure glibc is installed
   package:
     name: glibc
@@ -140,17 +140,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id23" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id23"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=uuidd
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id24" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id24"><pre><code>
-[[packages]]
-name = "uuidd"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id25"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_uuidd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id24" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id24"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_uuidd
 
 class install_uuidd {
   package { 'uuidd':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id25"><pre><code>
+[[packages]]
+name = "uuidd"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure uuidd is installed
   package:
     name: uuidd
@@ -518,10 +518,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id44" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id44"><pre><code>
-[customizations.services]
-disabled = ["rlogin"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id45" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id45"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_rlogin
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id44" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id44"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_rlogin
 
 class disable_rlogin {
   service {'rlogin':
@@ -529,6 +526,9 @@
     ensure =&gt; 'stopped',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id45" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id45"><pre><code>
+[customizations.services]
+disabled = ["rlogin"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id46" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id46"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service rlogin
   block:
 
@@ -631,10 +631,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id49" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id49"><pre><code>
-[customizations.services]
-disabled = ["rsh"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id50" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id50"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_rsh
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id49" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id49"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_rsh
 
 class disable_rsh {
   service {'rsh':
@@ -642,6 +639,9 @@
     ensure =&gt; 'stopped',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id50" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id50"><pre><code>
+[customizations.services]
+disabled = ["rsh"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id51" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id51"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service rsh
   block:
 
/usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-standard.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-standard.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-standard.html	2022-07-15 00:00:00.000000000 +0000
@@ -735,7 +735,26 @@
 a container anyway.</div></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">If an account has an empty password, anyone could log in and
 run commands with the privileges of that account. Accounts with
 empty passwords should never be used in operational environments.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_empty_passwords</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">OL07-00-010290</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-221687r809141_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id35" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id35"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">OL07-00-010290</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-221687r809141_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id35" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id35"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/password-auth
+        overwrite: true
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/system-auth
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id36" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id36"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEM_AUTH="/etc/pam.d/system-auth"
@@ -760,7 +779,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id36" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id36"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id37" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id37"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
   ansible.builtin.stat:
     path: /usr/bin/authselect
   register: result_authselect_present
@@ -911,25 +930,6 @@
     - medium_disruption
     - no_empty_passwords
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id37" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id37"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/password-auth
-        overwrite: true
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/system-auth
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_accounts-session" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts"><td style="padding-left: 57px" id="xccdf_org.ssgproject.content_group_accounts-session"><span class="label label-default">Group</span>  
                 Secure Session Configuration Files for Login Accounts
                           <small>Group contains 1 group and 2 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_accounts-session" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_accounts-session" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts"><td style="padding-left: 57px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_accounts-session">[ref]</a>  
@@ -28490,17 +28490,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id178" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id178"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rsyslog
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id179" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id179"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id180" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id180"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id179" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id179"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id180" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id180"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id181" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id181"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
@@ -28532,10 +28532,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id184" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id184"><pre><code>
-[customizations.services]
-enabled = ["rsyslog"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id185" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id185"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id184" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id184"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
 
 class enable_rsyslog {
   service {'rsyslog':
@@ -28543,6 +28540,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id185" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id185"><pre><code>
+[customizations.services]
+enabled = ["rsyslog"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id186" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id186"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service rsyslog
   block:
 
@@ -28750,10 +28750,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id196" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id196"><pre><code>
-[customizations.services]
-disabled = ["autofs"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id197" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id197"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_autofs
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id196" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id196"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_autofs
 
 class disable_autofs {
   service {'autofs':
@@ -28761,6 +28758,9 @@
     ensure =&gt; 'stopped',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id197" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id197"><pre><code>
+[customizations.services]
+disabled = ["autofs"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id198" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id198"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service autofs
   block:
 
@@ -29230,10 +29230,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id207" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id207"><pre><code>
-[customizations.services]
-disabled = ["abrtd"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id208" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id208"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_abrtd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id207" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id207"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_abrtd
 
 class disable_abrtd {
   service {'abrtd':
@@ -29241,6 +29238,9 @@
     ensure =&gt; 'stopped',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id208" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id208"><pre><code>
+[customizations.services]
+disabled = ["abrtd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id209" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id209"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service abrtd
   block:
 
@@ -29332,10 +29332,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id212" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id212"><pre><code>
-[customizations.services]
-disabled = ["ntpdate"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id213" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id213"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_ntpdate
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id212" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id212"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_ntpdate
 
 class disable_ntpdate {
   service {'ntpdate':
@@ -29343,6 +29340,9 @@
     ensure =&gt; 'stopped',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id213" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id213"><pre><code>
+[customizations.services]
+disabled = ["ntpdate"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id214" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id214"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service ntpdate
   block:
 
@@ -29436,10 +29436,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id217" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id217"><pre><code>
-[customizations.services]
-disabled = ["oddjobd"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id218" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id218"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_oddjobd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id217" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id217"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_oddjobd
 
 class disable_oddjobd {
   service {'oddjobd':
@@ -29447,6 +29444,9 @@
     ensure =&gt; 'stopped',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id218" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id218"><pre><code>
+[customizations.services]
+disabled = ["oddjobd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id219" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id219"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service oddjobd
   block:
 
@@ -29541,10 +29541,7 @@
 else
/usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-stig.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-stig.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-stig.html	2022-07-15 00:00:00.000000000 +0000
@@ -558,17 +558,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id27" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id27"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id28" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id28"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id27" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id27"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id28" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id28"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id29" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id29"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -8716,17 +8716,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id206" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id206"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=pam_pkcs11
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id207" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id207"><pre><code>
-[[packages]]
-name = "pam_pkcs11"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id208" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id208"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_pam_pkcs11
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id207" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id207"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_pam_pkcs11
 
 class install_pam_pkcs11 {
   package { 'pam_pkcs11':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id208" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id208"><pre><code>
+[[packages]]
+name = "pam_pkcs11"
+version = "*"
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_smartcard_auth" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_smartcard_auth" id="guide-tree-leaf-id209" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_smart_card_login"><td style="padding-left: 114px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_smartcard_auth"><span class="label label-default">Rule</span>  
                                 Enable Smart Card Login
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_smartcard_auth">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">To enable smart card authentication, consult the documentation at:
@@ -9365,7 +9365,26 @@
 a container anyway.</div></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">If an account has an empty password, anyone could log in and
 run commands with the privileges of that account. Accounts with
 empty passwords should never be used in operational environments.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_empty_passwords</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">OL07-00-010290</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-221687r809141_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id238" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id238"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">OL07-00-010290</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-221687r809141_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id238" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id238"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/password-auth
+        overwrite: true
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/system-auth
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id239" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id239"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEM_AUTH="/etc/pam.d/system-auth"
@@ -9390,7 +9409,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id239" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id239"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id240" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id240"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
   ansible.builtin.stat:
     path: /usr/bin/authselect
   register: result_authselect_present
@@ -9541,25 +9560,6 @@
     - medium_disruption
     - no_empty_passwords
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id240" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id240"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/password-auth
-        overwrite: true
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/system-auth
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_no_empty_passwords_etc_shadow" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_no_empty_passwords_etc_shadow" id="guide-tree-leaf-id241" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_password_storage"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_no_empty_passwords_etc_shadow"><span class="label label-default">Rule</span>  
                                 Ensure There Are No Accounts With Blank or Null Passwords
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_no_empty_passwords_etc_shadow">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">Check the "/etc/shadow" file for blank passwords with the
@@ -47845,7 +47845,18 @@
 Additionally, a properly configured audit subsystem ensures that actions of
 individual system users can be uniquely traced to those users so they
 can be held accountable for their actions.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_auditd_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000131</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000132</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000133</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000134</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000154</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000158</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001464</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001876</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(g)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-4(23)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a>, <a href="">SRG-OS-000037-VMM-000150</a>, <a href="">SRG-OS-000063-VMM-000310</a>, <a href="">SRG-OS-000038-VMM-000160</a>, <a href="">SRG-OS-000039-VMM-000170</a>, <a href="">SRG-OS-000040-VMM-000180</a>, <a href="">SRG-OS-000041-VMM-000190</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">OL07-00-030000</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-221764r603260_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id499" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id499"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000131</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000132</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000133</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000134</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000154</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000158</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001464</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001876</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(g)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-4(23)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a>, <a href="">SRG-OS-000037-VMM-000150</a>, <a href="">SRG-OS-000063-VMM-000310</a>, <a href="">SRG-OS-000038-VMM-000160</a>, <a href="">SRG-OS-000039-VMM-000170</a>, <a href="">SRG-OS-000040-VMM-000180</a>, <a href="">SRG-OS-000041-VMM-000190</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">OL07-00-030000</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-221764r603260_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id499" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id499"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    systemd:
+      units:
+      - name: auditd.service
+        enabled: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id500" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id500"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ] &amp;&amp; { rpm --quiet -q audit; }; then
 
 SYSTEMCTL_EXEC='/usr/bin/systemctl'
@@ -47856,9 +47867,6 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id500" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id500"><pre><code>
-[customizations.services]
-enabled = ["auditd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id501" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id501"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
 
 class enable_auditd {
@@ -47867,7 +47875,10 @@
     ensure =&gt; 'running',
   }
 }
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id502" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id502"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id502" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id502"><pre><code>
+[customizations.services]
+enabled = ["auditd"]
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id503" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id503"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -47933,17 +47944,6 @@
     - medium_severity
     - no_reboot_needed
     - service_auditd_enabled
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id503" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id503"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    systemd:
-      units:
-      - name: auditd.service
-        enabled: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_bootloader-grub2" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_system"><td style="padding-left: 38px" id="xccdf_org.ssgproject.content_group_bootloader-grub2"><span class="label label-default">Group</span>  
                 GRUB2 bootloader configuration
                           <small>Group contains 2 groups and 6 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_bootloader-grub2" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_bootloader-grub2" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_system"><td style="padding-left: 38px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_bootloader-grub2">[ref]</a>  
@@ -48373,10 +48373,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id518" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id518"><pre><code>
-[customizations.services]
-enabled = ["firewalld"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id519" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id519"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_firewalld
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id518" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id518"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_firewalld
 
 class enable_firewalld {
   service {'firewalld':
@@ -48384,6 +48381,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id519" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id519"><pre><code>
+[customizations.services]
+enabled = ["firewalld"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id520" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id520"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service firewalld
   block:
 
@@ -50327,10 +50327,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id574" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id574"><pre><code>
-[customizations.services]
-disabled = ["autofs"]
/usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-stig_gui.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-stig_gui.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-ol7-guide-stig_gui.html	2022-07-15 00:00:00.000000000 +0000
@@ -564,17 +564,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id27" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id27"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id28" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id28"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id27" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id27"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id28" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id28"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id29" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id29"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -8722,17 +8722,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id206" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id206"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=pam_pkcs11
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id207" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id207"><pre><code>
-[[packages]]
-name = "pam_pkcs11"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id208" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id208"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_pam_pkcs11
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id207" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id207"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_pam_pkcs11
 
 class install_pam_pkcs11 {
   package { 'pam_pkcs11':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id208" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id208"><pre><code>
+[[packages]]
+name = "pam_pkcs11"
+version = "*"
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_smartcard_auth" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_smartcard_auth" id="guide-tree-leaf-id209" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_smart_card_login"><td style="padding-left: 114px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_smartcard_auth"><span class="label label-default">Rule</span>  
                                 Enable Smart Card Login
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_smartcard_auth">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">To enable smart card authentication, consult the documentation at:
@@ -9371,7 +9371,26 @@
 a container anyway.</div></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">If an account has an empty password, anyone could log in and
 run commands with the privileges of that account. Accounts with
 empty passwords should never be used in operational environments.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_empty_passwords</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">OL07-00-010290</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-221687r809141_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id238" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id238"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">OL07-00-010290</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-221687r809141_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id238" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id238"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/password-auth
+        overwrite: true
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/system-auth
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id239" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id239"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEM_AUTH="/etc/pam.d/system-auth"
@@ -9396,7 +9415,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id239" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id239"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id240" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id240"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
   ansible.builtin.stat:
     path: /usr/bin/authselect
   register: result_authselect_present
@@ -9547,25 +9566,6 @@
     - medium_disruption
     - no_empty_passwords
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id240" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id240"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/password-auth
-        overwrite: true
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/system-auth
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_no_empty_passwords_etc_shadow" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_no_empty_passwords_etc_shadow" id="guide-tree-leaf-id241" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_password_storage"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_no_empty_passwords_etc_shadow"><span class="label label-default">Rule</span>  
                                 Ensure There Are No Accounts With Blank or Null Passwords
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_no_empty_passwords_etc_shadow">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">Check the "/etc/shadow" file for blank passwords with the
@@ -47851,7 +47851,18 @@
 Additionally, a properly configured audit subsystem ensures that actions of
 individual system users can be uniquely traced to those users so they
 can be held accountable for their actions.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_auditd_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000131</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000132</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000133</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000134</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000154</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000158</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001464</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001876</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(g)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-4(23)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a>, <a href="">SRG-OS-000037-VMM-000150</a>, <a href="">SRG-OS-000063-VMM-000310</a>, <a href="">SRG-OS-000038-VMM-000160</a>, <a href="">SRG-OS-000039-VMM-000170</a>, <a href="">SRG-OS-000040-VMM-000180</a>, <a href="">SRG-OS-000041-VMM-000190</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">OL07-00-030000</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-221764r603260_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id499" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id499"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000131</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000132</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000133</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000134</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000154</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000158</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001464</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001876</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(g)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-4(23)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a>, <a href="">SRG-OS-000037-VMM-000150</a>, <a href="">SRG-OS-000063-VMM-000310</a>, <a href="">SRG-OS-000038-VMM-000160</a>, <a href="">SRG-OS-000039-VMM-000170</a>, <a href="">SRG-OS-000040-VMM-000180</a>, <a href="">SRG-OS-000041-VMM-000190</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">OL07-00-030000</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-221764r603260_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id499" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id499"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    systemd:
+      units:
+      - name: auditd.service
+        enabled: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id500" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id500"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ] &amp;&amp; { rpm --quiet -q audit; }; then
 
 SYSTEMCTL_EXEC='/usr/bin/systemctl'
@@ -47862,9 +47873,6 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id500" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id500"><pre><code>
-[customizations.services]
-enabled = ["auditd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id501" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id501"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
 
 class enable_auditd {
@@ -47873,7 +47881,10 @@
     ensure =&gt; 'running',
   }
 }
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id502" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id502"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id502" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id502"><pre><code>
+[customizations.services]
+enabled = ["auditd"]
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id503" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id503"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -47939,17 +47950,6 @@
     - medium_severity
     - no_reboot_needed
     - service_auditd_enabled
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id503" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id503"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    systemd:
-      units:
-      - name: auditd.service
-        enabled: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_bootloader-grub2" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_system"><td style="padding-left: 38px" id="xccdf_org.ssgproject.content_group_bootloader-grub2"><span class="label label-default">Group</span>  
                 GRUB2 bootloader configuration
                           <small>Group contains 2 groups and 6 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_bootloader-grub2" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_bootloader-grub2" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_system"><td style="padding-left: 38px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_bootloader-grub2">[ref]</a>  
@@ -48379,10 +48379,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id518" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id518"><pre><code>
-[customizations.services]
-enabled = ["firewalld"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id519" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id519"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_firewalld
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id518" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id518"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_firewalld
 
 class enable_firewalld {
   service {'firewalld':
@@ -48390,6 +48387,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id519" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id519"><pre><code>
+[customizations.services]
+enabled = ["firewalld"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id520" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id520"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service firewalld
   block:
 
@@ -50333,10 +50333,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id574" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id574"><pre><code>
-[customizations.services]
-disabled = ["autofs"]
/usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-anssi_bp28_enhanced.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-anssi_bp28_enhanced.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-anssi_bp28_enhanced.html	2022-07-15 00:00:00.000000000 +0000
@@ -127,17 +127,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id16" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id16"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id17" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id17"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id18" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id18"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id17" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id17"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id18" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id18"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -416,17 +416,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id45" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id45"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=sudo
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id46" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id46"><pre><code>
-[[packages]]
-name = "sudo"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id47" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id47"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id46" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id46"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
 
 class install_sudo {
   package { 'sudo':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id47" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id47"><pre><code>
+[[packages]]
+name = "sudo"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id48" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id48"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure sudo is installed
   package:
     name: sudo
@@ -982,17 +982,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id82" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id82"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=dnf-automatic
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id83" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id83"><pre><code>
-[[packages]]
-name = "dnf-automatic"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id84" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id84"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_dnf-automatic
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id83" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id83"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_dnf-automatic
 
 class install_dnf-automatic {
   package { 'dnf-automatic':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id84" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id84"><pre><code>
+[[packages]]
+name = "dnf-automatic"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id85" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id85"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure dnf-automatic is installed
   package:
     name: dnf-automatic
@@ -6414,17 +6414,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id195" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id195"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rsyslog-gnutls
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id196" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id196"><pre><code>
-[[packages]]
-name = "rsyslog-gnutls"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id197" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id197"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog-gnutls
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id196" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id196"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog-gnutls
 
 class install_rsyslog-gnutls {
   package { 'rsyslog-gnutls':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id197" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id197"><pre><code>
+[[packages]]
+name = "rsyslog-gnutls"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id198" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id198"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog-gnutls is installed
   package:
     name: rsyslog-gnutls
@@ -6454,17 +6454,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id201" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id201"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rsyslog
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id202" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id202"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id203" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id203"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id202" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id202"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id203" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id203"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id204" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id204"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
@@ -6497,10 +6497,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id207" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id207"><pre><code>
-[customizations.services]
-enabled = ["rsyslog"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id208" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id208"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id207" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id207"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
 
 class enable_rsyslog {
   service {'rsyslog':
@@ -6508,6 +6505,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id208" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id208"><pre><code>
+[customizations.services]
+enabled = ["rsyslog"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id209" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id209"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service rsyslog
   block:
 
@@ -15461,17 +15461,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id460" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id460"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=chrony
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id461" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id461"><pre><code>
-[[packages]]
-name = "chrony"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id462" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id462"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_chrony
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id461" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id461"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_chrony
 
 class install_chrony {
   package { 'chrony':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id462" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id462"><pre><code>
+[[packages]]
+name = "chrony"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id463" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id463"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure chrony is installed
   package:
     name: chrony
/usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-anssi_bp28_high.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-anssi_bp28_high.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-anssi_bp28_high.html	2022-07-15 00:00:00.000000000 +0000
@@ -127,17 +127,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id16" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id16"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id17" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id17"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id18" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id18"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id17" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id17"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id18" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id18"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -733,17 +733,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id55" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id55"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=sudo
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id56" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id56"><pre><code>
-[[packages]]
-name = "sudo"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id57" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id57"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id56" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id56"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
 
 class install_sudo {
   package { 'sudo':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id57" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id57"><pre><code>
+[[packages]]
+name = "sudo"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id58" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id58"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure sudo is installed
   package:
     name: sudo
@@ -1299,17 +1299,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id92" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id92"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=dnf-automatic
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id93" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id93"><pre><code>
-[[packages]]
-name = "dnf-automatic"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id94" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id94"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_dnf-automatic
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id93" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id93"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_dnf-automatic
 
 class install_dnf-automatic {
   package { 'dnf-automatic':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id94" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id94"><pre><code>
+[[packages]]
+name = "dnf-automatic"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id95" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id95"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure dnf-automatic is installed
   package:
     name: dnf-automatic
@@ -6776,17 +6776,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id209" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id209"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rsyslog-gnutls
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id210" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id210"><pre><code>
-[[packages]]
-name = "rsyslog-gnutls"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id211" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id211"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog-gnutls
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id210" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id210"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog-gnutls
 
 class install_rsyslog-gnutls {
   package { 'rsyslog-gnutls':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id211" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id211"><pre><code>
+[[packages]]
+name = "rsyslog-gnutls"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id212" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id212"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog-gnutls is installed
   package:
     name: rsyslog-gnutls
@@ -6816,17 +6816,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id215" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id215"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rsyslog
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id216" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id216"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id217" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id217"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id216" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id216"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id217" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id217"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id218" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id218"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
@@ -6859,10 +6859,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id221" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id221"><pre><code>
-[customizations.services]
-enabled = ["rsyslog"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id222" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id222"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id221" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id221"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
 
 class enable_rsyslog {
   service {'rsyslog':
@@ -6870,6 +6867,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id222" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id222"><pre><code>
+[customizations.services]
+enabled = ["rsyslog"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id223" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id223"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service rsyslog
   block:
 
@@ -16263,17 +16263,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id504" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id504"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=chrony
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id505" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id505"><pre><code>
-[[packages]]
-name = "chrony"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id506" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id506"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_chrony
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id505" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id505"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_chrony
 
 class install_chrony {
   package { 'chrony':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id506" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id506"><pre><code>
+[[packages]]
+name = "chrony"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id507" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id507"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure chrony is installed
   package:
     name: chrony
/usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-anssi_bp28_intermediary.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-anssi_bp28_intermediary.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-anssi_bp28_intermediary.html	2022-07-15 00:00:00.000000000 +0000
@@ -127,17 +127,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id16" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id16"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id17" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id17"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id18" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id18"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id17" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id17"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id18" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id18"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -416,17 +416,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id45" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id45"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=sudo
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id46" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id46"><pre><code>
-[[packages]]
-name = "sudo"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id47" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id47"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id46" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id46"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
 
 class install_sudo {
   package { 'sudo':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id47" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id47"><pre><code>
+[[packages]]
+name = "sudo"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id48" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id48"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure sudo is installed
   package:
     name: sudo
@@ -982,17 +982,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id82" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id82"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=dnf-automatic
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id83" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id83"><pre><code>
-[[packages]]
-name = "dnf-automatic"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id84" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id84"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_dnf-automatic
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id83" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id83"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_dnf-automatic
 
 class install_dnf-automatic {
   package { 'dnf-automatic':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id84" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id84"><pre><code>
+[[packages]]
+name = "dnf-automatic"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id85" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id85"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure dnf-automatic is installed
   package:
     name: dnf-automatic
@@ -6047,17 +6047,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id181" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id181"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rsyslog-gnutls
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id182" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id182"><pre><code>
-[[packages]]
-name = "rsyslog-gnutls"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id183" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id183"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog-gnutls
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id182" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id182"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog-gnutls
 
 class install_rsyslog-gnutls {
   package { 'rsyslog-gnutls':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id183" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id183"><pre><code>
+[[packages]]
+name = "rsyslog-gnutls"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id184" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id184"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog-gnutls is installed
   package:
     name: rsyslog-gnutls
@@ -6087,17 +6087,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id187" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id187"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rsyslog
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id188" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id188"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id189" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id189"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id188" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id188"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id189" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id189"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id190" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id190"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
@@ -6130,10 +6130,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id193" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id193"><pre><code>
-[customizations.services]
-enabled = ["rsyslog"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id194" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id194"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id193" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id193"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
 
 class enable_rsyslog {
   service {'rsyslog':
@@ -6141,6 +6138,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id194" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id194"><pre><code>
+[customizations.services]
+enabled = ["rsyslog"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id195" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id195"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service rsyslog
   block:
 
@@ -14918,17 +14918,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id441" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id441"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=chrony
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id442" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id442"><pre><code>
-[[packages]]
-name = "chrony"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id443" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id443"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_chrony
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id442" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id442"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_chrony
 
 class install_chrony {
   package { 'chrony':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id443" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id443"><pre><code>
+[[packages]]
+name = "chrony"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id444" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id444"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure chrony is installed
   package:
     name: chrony
/usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-anssi_bp28_minimal.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-anssi_bp28_minimal.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-anssi_bp28_minimal.html	2022-07-15 00:00:00.000000000 +0000
@@ -237,17 +237,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=dnf-automatic
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id23" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id23"><pre><code>
-[[packages]]
-name = "dnf-automatic"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id24" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id24"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_dnf-automatic
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id23" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id23"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_dnf-automatic
 
 class install_dnf-automatic {
   package { 'dnf-automatic':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id24" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id24"><pre><code>
+[[packages]]
+name = "dnf-automatic"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id25"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure dnf-automatic is installed
   package:
     name: dnf-automatic
@@ -4139,17 +4139,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id95" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id95"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rsyslog
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id96" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id96"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id97" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id97"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id96" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id96"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id97" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id97"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id98" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id98"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
@@ -4182,10 +4182,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id101" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id101"><pre><code>
-[customizations.services]
-enabled = ["rsyslog"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id102" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id102"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id101" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id101"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
 
 class enable_rsyslog {
   service {'rsyslog':
@@ -4193,6 +4190,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id102" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id102"><pre><code>
+[customizations.services]
+enabled = ["rsyslog"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id103" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id103"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service rsyslog
   block:
 
/usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-cjis.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-cjis.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-cjis.html	2022-07-15 00:00:00.000000000 +0000
@@ -430,17 +430,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id23" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id23"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id24" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id24"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id23" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id23"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id24" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id24"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id25"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -2886,7 +2886,26 @@
 a container anyway.</div></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">If an account has an empty password, anyone could log in and
 run commands with the privileges of that account. Accounts with
 empty passwords should never be used in operational environments.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_empty_passwords</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">OL08-00-020331</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-248715r779711_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id93" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id93"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">OL08-00-020331</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-248715r779711_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id93" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id93"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/password-auth
+        overwrite: true
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/system-auth
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id94" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id94"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEM_AUTH="/etc/pam.d/system-auth"
@@ -2911,7 +2930,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id94" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id94"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id95" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id95"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
   ansible.builtin.stat:
     path: /usr/bin/authselect
   register: result_authselect_present
@@ -3062,25 +3081,6 @@
     - medium_disruption
     - no_empty_passwords
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id95" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id95"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/password-auth
-        overwrite: true
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/system-auth
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_accounts-session" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts"><td style="padding-left: 57px" id="xccdf_org.ssgproject.content_group_accounts-session"><span class="label label-default">Group</span>  
                 Secure Session Configuration Files for Login Accounts
                           <small>Group contains  1 rule</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_accounts-session" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_accounts-session" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts"><td style="padding-left: 57px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_accounts-session">[ref]</a>  
@@ -23538,7 +23538,18 @@
 Additionally, a properly configured audit subsystem ensures that actions of
 individual system users can be uniquely traced to those users so they
 can be held accountable for their actions.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_auditd_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000131</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000132</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000133</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000134</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000154</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000158</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001464</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001876</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(g)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-4(23)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a>, <a href="">SRG-OS-000037-VMM-000150</a>, <a href="">SRG-OS-000063-VMM-000310</a>, <a href="">SRG-OS-000038-VMM-000160</a>, <a href="">SRG-OS-000039-VMM-000170</a>, <a href="">SRG-OS-000040-VMM-000180</a>, <a href="">SRG-OS-000041-VMM-000190</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">OL08-00-030181</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-248520r779126_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id211" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id211"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000131</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000132</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000133</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000134</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000154</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000158</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001464</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001876</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(g)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-4(23)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a>, <a href="">SRG-OS-000037-VMM-000150</a>, <a href="">SRG-OS-000063-VMM-000310</a>, <a href="">SRG-OS-000038-VMM-000160</a>, <a href="">SRG-OS-000039-VMM-000170</a>, <a href="">SRG-OS-000040-VMM-000180</a>, <a href="">SRG-OS-000041-VMM-000190</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">OL08-00-030181</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-248520r779126_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id211" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id211"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    systemd:
+      units:
+      - name: auditd.service
+        enabled: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id212" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id212"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ] &amp;&amp; { rpm --quiet -q audit; }; then
 
 SYSTEMCTL_EXEC='/usr/bin/systemctl'
@@ -23549,9 +23560,6 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id212" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id212"><pre><code>
-[customizations.services]
-enabled = ["auditd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id213" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id213"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
 
 class enable_auditd {
@@ -23560,7 +23568,10 @@
     ensure =&gt; 'running',
   }
 }
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id214" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id214"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id214" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id214"><pre><code>
+[customizations.services]
+enabled = ["auditd"]
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id215" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id215"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -23626,17 +23637,6 @@
     - medium_severity
     - no_reboot_needed
     - service_auditd_enabled
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id215" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id215"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    systemd:
-      units:
-      - name: auditd.service
-        enabled: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_grub2_audit_argument" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_grub2_audit_argument" id="guide-tree-leaf-id216" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_auditing"><td style="padding-left: 57px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_grub2_audit_argument"><span class="label label-default">Rule</span>  
                                 Enable Auditing for Processes Which Start Prior to the Audit Daemon
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_grub2_audit_argument">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">To ensure all processes can be audited, even those which start
@@ -24051,10 +24051,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id234" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id234"><pre><code>
-[customizations.services]
-enabled = ["firewalld"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id235" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id235"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_firewalld
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id234" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id234"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_firewalld
 
 class enable_firewalld {
   service {'firewalld':
@@ -24062,6 +24059,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id235" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id235"><pre><code>
+[customizations.services]
+enabled = ["firewalld"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id236" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id236"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service firewalld
   block:
 
/usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-cui.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-cui.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-cui.html	2022-07-15 00:00:00.000000000 +0000
@@ -137,17 +137,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id16" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id16"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id17" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id17"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id18" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id18"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id17" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id17"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id18" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id18"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -431,17 +431,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id28" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id28"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=crypto-policies
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id29" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id29"><pre><code>
-[[packages]]
-name = "crypto-policies"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id30" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id30"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_crypto-policies
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id29" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id29"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_crypto-policies
 
 class install_crypto-policies {
   package { 'crypto-policies':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id30" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id30"><pre><code>
+[[packages]]
+name = "crypto-policies"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id31" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id31"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure crypto-policies is installed
   package:
     name: crypto-policies
@@ -993,17 +993,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id64" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id64"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=sudo
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id65" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id65"><pre><code>
-[[packages]]
-name = "sudo"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id66" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id66"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id65" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id65"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
 
 class install_sudo {
   package { 'sudo':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id66" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id66"><pre><code>
+[[packages]]
+name = "sudo"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id67" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id67"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure sudo is installed
   package:
     name: sudo
@@ -1038,17 +1038,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id70" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id70"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=gnutls-utils
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id71" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id71"><pre><code>
-[[packages]]
-name = "gnutls-utils"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id72" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id72"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_gnutls-utils
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id71" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id71"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_gnutls-utils
 
 class install_gnutls-utils {
   package { 'gnutls-utils':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id72" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id72"><pre><code>
+[[packages]]
+name = "gnutls-utils"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id73" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id73"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure gnutls-utils is installed
   package:
     name: gnutls-utils
@@ -1073,17 +1073,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id76" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id76"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=openscap-scanner
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id77" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id77"><pre><code>
-[[packages]]
-name = "openscap-scanner"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id78" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id78"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_openscap-scanner
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id77" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id77"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_openscap-scanner
 
 class install_openscap-scanner {
   package { 'openscap-scanner':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id78" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id78"><pre><code>
+[[packages]]
+name = "openscap-scanner"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id79" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id79"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure openscap-scanner is installed
   package:
     name: openscap-scanner
@@ -1114,17 +1114,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id82" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id82"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=scap-security-guide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id83" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id83"><pre><code>
-[[packages]]
-name = "scap-security-guide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id84" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id84"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_scap-security-guide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id83" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id83"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_scap-security-guide
 
 class install_scap-security-guide {
   package { 'scap-security-guide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id84" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id84"><pre><code>
+[[packages]]
+name = "scap-security-guide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id85" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id85"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure scap-security-guide is installed
   package:
     name: scap-security-guide
@@ -1506,17 +1506,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id132" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id132"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=dnf-automatic
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id133" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id133"><pre><code>
-[[packages]]
-name = "dnf-automatic"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id134" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id134"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_dnf-automatic
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id133" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id133"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_dnf-automatic
 
 class install_dnf-automatic {
   package { 'dnf-automatic':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id134" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id134"><pre><code>
+[[packages]]
+name = "dnf-automatic"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id135" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id135"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure dnf-automatic is installed
   package:
     name: dnf-automatic
@@ -4525,17 +4525,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id194" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id194"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=tmux
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id195" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id195"><pre><code>
-[[packages]]
-name = "tmux"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id196" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id196"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_tmux
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id195" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id195"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_tmux
 
 class install_tmux {
   package { 'tmux':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id196" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id196"><pre><code>
+[[packages]]
+name = "tmux"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id197" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id197"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure tmux is installed
   package:
     name: tmux
@@ -4751,10 +4751,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id210" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id210"><pre><code>
-[customizations.services]
-disabled = ["debug-shell"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id211" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id211"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_debug-shell
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id210" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id210"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_debug-shell
 
 class disable_debug-shell {
   service {'debug-shell':
@@ -4762,6 +4759,9 @@
     ensure =&gt; 'stopped',
/usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-e8.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-e8.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-e8.html	2022-07-15 00:00:00.000000000 +0000
@@ -917,17 +917,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id40" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id40"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rear
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id41" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id41"><pre><code>
-[[packages]]
-name = "rear"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id42" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id42"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rear
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id41" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id41"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rear
 
 class install_rear {
   package { 'rear':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id42" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id42"><pre><code>
+[[packages]]
+name = "rear"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id43" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id43"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rear is installed
   package:
     name: rear
@@ -1407,7 +1407,26 @@
 a container anyway.</div></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">If an account has an empty password, anyone could log in and
 run commands with the privileges of that account. Accounts with
 empty passwords should never be used in operational environments.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_empty_passwords</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">OL08-00-020331</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-248715r779711_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id62" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id62"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">OL08-00-020331</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-248715r779711_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id62" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id62"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/password-auth
+        overwrite: true
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/system-auth
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id63" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id63"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEM_AUTH="/etc/pam.d/system-auth"
@@ -1432,7 +1451,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id63" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id63"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id64" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id64"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
   ansible.builtin.stat:
     path: /usr/bin/authselect
   register: result_authselect_present
@@ -1583,25 +1602,6 @@
     - medium_disruption
     - no_empty_passwords
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id64" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id64"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/password-auth
-        overwrite: true
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/system-auth
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_root_logins" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-restrictions"><td style="padding-left: 76px" id="xccdf_org.ssgproject.content_group_root_logins"><span class="label label-default">Group</span>  
                 Restrict Root Logins
                           <small>Group contains  1 rule</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_root_logins" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_root_logins" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-restrictions"><td style="padding-left: 76px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_root_logins">[ref]</a>  
@@ -14054,7 +14054,18 @@
 Additionally, a properly configured audit subsystem ensures that actions of
 individual system users can be uniquely traced to those users so they
 can be held accountable for their actions.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_auditd_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000131</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000132</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000133</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000134</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000154</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000158</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001464</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001876</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(g)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-4(23)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a>, <a href="">SRG-OS-000037-VMM-000150</a>, <a href="">SRG-OS-000063-VMM-000310</a>, <a href="">SRG-OS-000038-VMM-000160</a>, <a href="">SRG-OS-000039-VMM-000170</a>, <a href="">SRG-OS-000040-VMM-000180</a>, <a href="">SRG-OS-000041-VMM-000190</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">OL08-00-030181</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-248520r779126_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id145" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id145"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000131</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000132</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000133</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000134</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000154</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000158</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001464</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001876</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(g)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-4(23)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a>, <a href="">SRG-OS-000037-VMM-000150</a>, <a href="">SRG-OS-000063-VMM-000310</a>, <a href="">SRG-OS-000038-VMM-000160</a>, <a href="">SRG-OS-000039-VMM-000170</a>, <a href="">SRG-OS-000040-VMM-000180</a>, <a href="">SRG-OS-000041-VMM-000190</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">OL08-00-030181</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-248520r779126_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id145" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id145"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    systemd:
+      units:
+      - name: auditd.service
+        enabled: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id146" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id146"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ] &amp;&amp; { rpm --quiet -q audit; }; then
 
 SYSTEMCTL_EXEC='/usr/bin/systemctl'
@@ -14065,9 +14076,6 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id146" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id146"><pre><code>
-[customizations.services]
-enabled = ["auditd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id147" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id147"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
 
 class enable_auditd {
@@ -14076,7 +14084,10 @@
     ensure =&gt; 'running',
   }
 }
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id148" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id148"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id148" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id148"><pre><code>
+[customizations.services]
+enabled = ["auditd"]
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id149" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id149"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -14142,17 +14153,6 @@
     - medium_severity
     - no_reboot_needed
     - service_auditd_enabled
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id149" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id149"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    systemd:
-      units:
-      - name: auditd.service
-        enabled: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_logging" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_system"><td style="padding-left: 38px" id="xccdf_org.ssgproject.content_group_logging"><span class="label label-default">Group</span>  
                 Configure Syslog
                           <small>Group contains 2 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_logging" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_logging" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_system"><td style="padding-left: 38px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_logging">[ref]</a>  
@@ -14187,17 +14187,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id152" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id152"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rsyslog
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id153" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id153"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id154" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id154"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id153" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id153"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id154" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id154"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id155" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id155"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
@@ -14230,10 +14230,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id158" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id158"><pre><code>
-[customizations.services]
-enabled = ["rsyslog"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id159" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id159"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id158" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id158"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
 
 class enable_rsyslog {
   service {'rsyslog':
@@ -14241,6 +14238,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id159" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id159"><pre><code>
+[customizations.services]
+enabled = ["rsyslog"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id160" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id160"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service rsyslog
   block:
 
@@ -14389,17 +14389,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id163" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id163"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=firewalld
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id164" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id164"><pre><code>
-[[packages]]
-name = "firewalld"
/usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-hipaa.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-hipaa.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-hipaa.html	2022-07-15 00:00:00.000000000 +0000
@@ -1272,10 +1272,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id48" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id48"><pre><code>
-[customizations.services]
-disabled = ["debug-shell"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id49" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id49"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_debug-shell
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id48" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id48"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_debug-shell
 
 class disable_debug-shell {
   service {'debug-shell':
@@ -1283,6 +1280,9 @@
     ensure =&gt; 'stopped',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id49" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id49"><pre><code>
+[customizations.services]
+disabled = ["debug-shell"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id50" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id50"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service debug-shell
   block:
 
@@ -1697,7 +1697,26 @@
 a container anyway.</div></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">If an account has an empty password, anyone could log in and
 run commands with the privileges of that account. Accounts with
 empty passwords should never be used in operational environments.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_empty_passwords</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">OL08-00-020331</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-248715r779711_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id64" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id64"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">OL08-00-020331</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-248715r779711_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id64" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id64"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/password-auth
+        overwrite: true
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/system-auth
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id65" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id65"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEM_AUTH="/etc/pam.d/system-auth"
@@ -1722,7 +1741,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id65" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id65"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id66" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id66"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
   ansible.builtin.stat:
     path: /usr/bin/authselect
   register: result_authselect_present
@@ -1873,25 +1892,6 @@
     - medium_disruption
     - no_empty_passwords
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id66" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id66"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/password-auth
-        overwrite: true
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/system-auth
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_root_logins" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-restrictions"><td style="padding-left: 76px" id="xccdf_org.ssgproject.content_group_root_logins"><span class="label label-default">Group</span>  
                 Restrict Root Logins
                           <small>Group contains 3 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_root_logins" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_root_logins" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-restrictions"><td style="padding-left: 76px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_root_logins">[ref]</a>  
@@ -43447,7 +43447,18 @@
 Additionally, a properly configured audit subsystem ensures that actions of
 individual system users can be uniquely traced to those users so they
 can be held accountable for their actions.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_auditd_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000131</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000132</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000133</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000134</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000154</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000158</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001464</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001876</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(g)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-4(23)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a>, <a href="">SRG-OS-000037-VMM-000150</a>, <a href="">SRG-OS-000063-VMM-000310</a>, <a href="">SRG-OS-000038-VMM-000160</a>, <a href="">SRG-OS-000039-VMM-000170</a>, <a href="">SRG-OS-000040-VMM-000180</a>, <a href="">SRG-OS-000041-VMM-000190</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">OL08-00-030181</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-248520r779126_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id281" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id281"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000131</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000132</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000133</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000134</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000154</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000158</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001464</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001876</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(g)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-4(23)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a>, <a href="">SRG-OS-000037-VMM-000150</a>, <a href="">SRG-OS-000063-VMM-000310</a>, <a href="">SRG-OS-000038-VMM-000160</a>, <a href="">SRG-OS-000039-VMM-000170</a>, <a href="">SRG-OS-000040-VMM-000180</a>, <a href="">SRG-OS-000041-VMM-000190</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">OL08-00-030181</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-248520r779126_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id281" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id281"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    systemd:
+      units:
+      - name: auditd.service
+        enabled: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id282" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id282"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ] &amp;&amp; { rpm --quiet -q audit; }; then
 
 SYSTEMCTL_EXEC='/usr/bin/systemctl'
@@ -43458,9 +43469,6 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id282" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id282"><pre><code>
-[customizations.services]
-enabled = ["auditd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id283" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id283"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
 
 class enable_auditd {
@@ -43469,7 +43477,10 @@
     ensure =&gt; 'running',
   }
 }
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id284" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id284"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id284" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id284"><pre><code>
+[customizations.services]
+enabled = ["auditd"]
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id285" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id285"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -43535,17 +43546,6 @@
     - medium_severity
     - no_reboot_needed
     - service_auditd_enabled
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id285" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id285"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    systemd:
-      units:
-      - name: auditd.service
-        enabled: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_grub2_audit_argument" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_grub2_audit_argument" id="guide-tree-leaf-id286" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_auditing"><td style="padding-left: 57px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_grub2_audit_argument"><span class="label label-default">Rule</span>  
                                 Enable Auditing for Processes Which Start Prior to the Audit Daemon
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_grub2_audit_argument">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">To ensure all processes can be audited, even those which start
@@ -44205,10 +44205,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id316" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id316"><pre><code>
-[customizations.services]
-disabled = ["autofs"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id317" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id317"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_autofs
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id316" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id316"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_autofs
 
 class disable_autofs {
   service {'autofs':
@@ -44216,6 +44213,9 @@
     ensure =&gt; 'stopped',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id317" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id317"><pre><code>
+[customizations.services]
+disabled = ["autofs"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id318" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id318"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service autofs
   block:
 
@@ -45199,10 +45199,7 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id352" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id352"><pre><code>
 kdump --disable
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id353" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id353"><pre><code>
-[customizations.services]
-disabled = ["kdump"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id354" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id354"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_kdump
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id353" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id353"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_kdump
 
 class disable_kdump {
   service {'kdump':
@@ -45210,6 +45207,9 @@
     ensure =&gt; 'stopped',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id354" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id354"><pre><code>
+[customizations.services]
+disabled = ["kdump"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id355" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id355"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service kdump
   block:
 
@@ -45301,10 +45301,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id358" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id358"><pre><code>
-[customizations.services]
-enabled = ["crond"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id359" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id359"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_crond
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id358" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id358"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_crond
/usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-ospp.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-ospp.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-ospp.html	2022-07-15 00:00:00.000000000 +0000
@@ -128,17 +128,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id16" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id16"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id17" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id17"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id18" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id18"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id17" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id17"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id18" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id18"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -422,17 +422,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id28" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id28"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=crypto-policies
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id29" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id29"><pre><code>
-[[packages]]
-name = "crypto-policies"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id30" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id30"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_crypto-policies
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id29" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id29"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_crypto-policies
 
 class install_crypto-policies {
   package { 'crypto-policies':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id30" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id30"><pre><code>
+[[packages]]
+name = "crypto-policies"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id31" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id31"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure crypto-policies is installed
   package:
     name: crypto-policies
@@ -984,17 +984,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id64" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id64"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=sudo
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id65" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id65"><pre><code>
-[[packages]]
-name = "sudo"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id66" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id66"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id65" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id65"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
 
 class install_sudo {
   package { 'sudo':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id66" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id66"><pre><code>
+[[packages]]
+name = "sudo"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id67" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id67"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure sudo is installed
   package:
     name: sudo
@@ -1029,17 +1029,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id70" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id70"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=gnutls-utils
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id71" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id71"><pre><code>
-[[packages]]
-name = "gnutls-utils"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id72" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id72"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_gnutls-utils
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id71" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id71"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_gnutls-utils
 
 class install_gnutls-utils {
   package { 'gnutls-utils':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id72" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id72"><pre><code>
+[[packages]]
+name = "gnutls-utils"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id73" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id73"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure gnutls-utils is installed
   package:
     name: gnutls-utils
@@ -1064,17 +1064,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id76" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id76"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=openscap-scanner
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id77" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id77"><pre><code>
-[[packages]]
-name = "openscap-scanner"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id78" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id78"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_openscap-scanner
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id77" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id77"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_openscap-scanner
 
 class install_openscap-scanner {
   package { 'openscap-scanner':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id78" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id78"><pre><code>
+[[packages]]
+name = "openscap-scanner"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id79" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id79"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure openscap-scanner is installed
   package:
     name: openscap-scanner
@@ -1105,17 +1105,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id82" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id82"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=scap-security-guide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id83" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id83"><pre><code>
-[[packages]]
-name = "scap-security-guide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id84" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id84"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_scap-security-guide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id83" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id83"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_scap-security-guide
 
 class install_scap-security-guide {
   package { 'scap-security-guide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id84" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id84"><pre><code>
+[[packages]]
+name = "scap-security-guide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id85" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id85"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure scap-security-guide is installed
   package:
     name: scap-security-guide
@@ -1497,17 +1497,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id132" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id132"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=dnf-automatic
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id133" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id133"><pre><code>
-[[packages]]
-name = "dnf-automatic"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id134" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id134"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_dnf-automatic
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id133" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id133"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_dnf-automatic
 
 class install_dnf-automatic {
   package { 'dnf-automatic':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id134" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id134"><pre><code>
+[[packages]]
+name = "dnf-automatic"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id135" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id135"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure dnf-automatic is installed
   package:
     name: dnf-automatic
@@ -4516,17 +4516,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id194" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id194"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=tmux
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id195" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id195"><pre><code>
-[[packages]]
-name = "tmux"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id196" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id196"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_tmux
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id195" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id195"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_tmux
 
 class install_tmux {
   package { 'tmux':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id196" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id196"><pre><code>
+[[packages]]
+name = "tmux"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id197" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id197"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure tmux is installed
   package:
     name: tmux
@@ -4742,10 +4742,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id210" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id210"><pre><code>
-[customizations.services]
-disabled = ["debug-shell"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id211" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id211"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_debug-shell
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id210" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id210"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_debug-shell
 
 class disable_debug-shell {
   service {'debug-shell':
@@ -4753,6 +4750,9 @@
     ensure =&gt; 'stopped',
/usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-pci-dss.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-pci-dss.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-pci-dss.html	2022-07-15 00:00:00.000000000 +0000
@@ -426,17 +426,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id23" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id23"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id24" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id24"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id23" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id23"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id24" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id24"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id25"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -4385,17 +4385,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id112" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id112"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=opensc
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id113" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id113"><pre><code>
-[[packages]]
-name = "opensc"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id114" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id114"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_opensc
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id113" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id113"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_opensc
 
 class install_opensc {
   package { 'opensc':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id114" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id114"><pre><code>
+[[packages]]
+name = "opensc"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id115" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id115"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure opensc is installed
   package:
     name: opensc
@@ -4428,17 +4428,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id118" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id118"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=pcsc-lite
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id119" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id119"><pre><code>
-[[packages]]
-name = "pcsc-lite"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id120" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id120"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_pcsc-lite
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id119" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id119"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_pcsc-lite
 
 class install_pcsc-lite {
   package { 'pcsc-lite':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id120" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id120"><pre><code>
+[[packages]]
+name = "pcsc-lite"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id121" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id121"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure pcsc-lite is installed
   package:
     name: pcsc-lite
@@ -4477,10 +4477,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id124" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id124"><pre><code>
-[customizations.services]
-enabled = ["pcscd"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id125" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id125"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_pcscd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id124" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id124"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_pcscd
 
 class enable_pcscd {
   service {'pcscd':
@@ -4488,6 +4485,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id125" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id125"><pre><code>
+[customizations.services]
+enabled = ["pcscd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id126" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id126"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service pcscd
   block:
 
@@ -4992,7 +4992,26 @@
 a container anyway.</div></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">If an account has an empty password, anyone could log in and
 run commands with the privileges of that account. Accounts with
 empty passwords should never be used in operational environments.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_empty_passwords</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">OL08-00-020331</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-248715r779711_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id143" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id143"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">OL08-00-020331</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-248715r779711_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id143" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id143"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/password-auth
+        overwrite: true
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/system-auth
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id144" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id144"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEM_AUTH="/etc/pam.d/system-auth"
@@ -5017,7 +5036,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id144" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id144"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id145" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id145"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
   ansible.builtin.stat:
     path: /usr/bin/authselect
   register: result_authselect_present
@@ -5168,25 +5187,6 @@
     - medium_disruption
     - no_empty_passwords
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id145" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id145"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/password-auth
-        overwrite: true
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/system-auth
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_auditing" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_system"><td style="padding-left: 38px" id="xccdf_org.ssgproject.content_group_auditing"><span class="label label-default">Group</span>  
                 System Accounting with auditd
                           <small>Group contains 9 groups and 57 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_auditing" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_auditing" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_system"><td style="padding-left: 38px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_auditing">[ref]</a>  
@@ -37898,17 +37898,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id307" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id307"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=audispd-plugins
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id308" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id308"><pre><code>
-[[packages]]
-name = "audispd-plugins"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id309" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id309"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_audispd-plugins
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id308" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id308"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_audispd-plugins
 
 class install_audispd-plugins {
   package { 'audispd-plugins':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id309" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id309"><pre><code>
+[[packages]]
+name = "audispd-plugins"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id310" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id310"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure audispd-plugins is installed
   package:
     name: audispd-plugins
@@ -37936,7 +37936,18 @@
 Additionally, a properly configured audit subsystem ensures that actions of
 individual system users can be uniquely traced to those users so they
 can be held accountable for their actions.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_auditd_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000131</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000132</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000133</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000134</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000154</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000158</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001464</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001876</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(g)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-4(23)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a>, <a href="">SRG-OS-000037-VMM-000150</a>, <a href="">SRG-OS-000063-VMM-000310</a>, <a href="">SRG-OS-000038-VMM-000160</a>, <a href="">SRG-OS-000039-VMM-000170</a>, <a href="">SRG-OS-000040-VMM-000180</a>, <a href="">SRG-OS-000041-VMM-000190</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">OL08-00-030181</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-248520r779126_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id312" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id312"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000131</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000132</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000133</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000134</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000154</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000158</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001464</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001876</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(g)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-4(23)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a>, <a href="">SRG-OS-000037-VMM-000150</a>, <a href="">SRG-OS-000063-VMM-000310</a>, <a href="">SRG-OS-000038-VMM-000160</a>, <a href="">SRG-OS-000039-VMM-000170</a>, <a href="">SRG-OS-000040-VMM-000180</a>, <a href="">SRG-OS-000041-VMM-000190</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">OL08-00-030181</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-248520r779126_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id312" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id312"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    systemd:
+      units:
+      - name: auditd.service
+        enabled: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id313" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id313"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ] &amp;&amp; { rpm --quiet -q audit; }; then
 
 SYSTEMCTL_EXEC='/usr/bin/systemctl'
@@ -37947,9 +37958,6 @@
/usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-standard.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-standard.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-standard.html	2022-07-15 00:00:00.000000000 +0000
@@ -1065,7 +1065,26 @@
 a container anyway.</div></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">If an account has an empty password, anyone could log in and
 run commands with the privileges of that account. Accounts with
 empty passwords should never be used in operational environments.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_empty_passwords</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">OL08-00-020331</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-248715r779711_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id51" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id51"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">OL08-00-020331</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-248715r779711_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id51" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id51"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/password-auth
+        overwrite: true
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/system-auth
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id52" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id52"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEM_AUTH="/etc/pam.d/system-auth"
@@ -1090,7 +1109,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id52" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id52"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id53" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id53"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
   ansible.builtin.stat:
     path: /usr/bin/authselect
   register: result_authselect_present
@@ -1241,25 +1260,6 @@
     - medium_disruption
     - no_empty_passwords
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id53" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id53"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/password-auth
-        overwrite: true
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/system-auth
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_accounts-session" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts"><td style="padding-left: 57px" id="xccdf_org.ssgproject.content_group_accounts-session"><span class="label label-default">Group</span>  
                 Secure Session Configuration Files for Login Accounts
                           <small>Group contains 1 group and 2 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_accounts-session" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_accounts-session" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts"><td style="padding-left: 57px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_accounts-session">[ref]</a>  
@@ -28824,17 +28824,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id194" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id194"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rsyslog
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id195" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id195"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id196" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id196"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id195" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id195"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id196" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id196"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id197" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id197"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
@@ -28867,10 +28867,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id200" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id200"><pre><code>
-[customizations.services]
-enabled = ["rsyslog"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id201" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id201"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id200" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id200"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
 
 class enable_rsyslog {
   service {'rsyslog':
@@ -28878,6 +28875,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id201" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id201"><pre><code>
+[customizations.services]
+enabled = ["rsyslog"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id202" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id202"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service rsyslog
   block:
 
@@ -29088,10 +29088,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id212" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id212"><pre><code>
-[customizations.services]
-disabled = ["autofs"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id213" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id213"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_autofs
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id212" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id212"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_autofs
 
 class disable_autofs {
   service {'autofs':
@@ -29099,6 +29096,9 @@
     ensure =&gt; 'stopped',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id213" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id213"><pre><code>
+[customizations.services]
+disabled = ["autofs"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id214" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id214"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service autofs
   block:
 
@@ -29568,10 +29568,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id223" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id223"><pre><code>
-[customizations.services]
-disabled = ["abrtd"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id224" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id224"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_abrtd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id223" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id223"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_abrtd
 
 class disable_abrtd {
   service {'abrtd':
@@ -29579,6 +29576,9 @@
     ensure =&gt; 'stopped',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id224" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id224"><pre><code>
+[customizations.services]
+disabled = ["abrtd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id225" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id225"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service abrtd
   block:
 
@@ -29670,10 +29670,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id228" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id228"><pre><code>
-[customizations.services]
-disabled = ["ntpdate"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id229" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id229"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_ntpdate
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id228" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id228"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_ntpdate
 
 class disable_ntpdate {
   service {'ntpdate':
@@ -29681,6 +29678,9 @@
     ensure =&gt; 'stopped',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id229" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id229"><pre><code>
+[customizations.services]
+disabled = ["ntpdate"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id230" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id230"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service ntpdate
   block:
 
@@ -29774,10 +29774,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id233" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id233"><pre><code>
-[customizations.services]
-disabled = ["oddjobd"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id234" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id234"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_oddjobd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id233" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id233"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_oddjobd
 
 class disable_oddjobd {
   service {'oddjobd':
@@ -29785,6 +29782,9 @@
     ensure =&gt; 'stopped',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id234" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id234"><pre><code>
+[customizations.services]
+disabled = ["oddjobd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id235" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id235"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service oddjobd
   block:
 
@@ -29879,10 +29879,7 @@
 else
/usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-stig.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-stig.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-stig.html	2022-07-15 00:00:00.000000000 +0000
@@ -122,17 +122,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id16" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id16"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id17" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id17"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id18" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id18"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id17" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id17"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id18" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id18"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -3549,17 +3549,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id125" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id125"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rng-tools
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id126" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id126"><pre><code>
-[[packages]]
-name = "rng-tools"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id127" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id127"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rng-tools
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id126" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id126"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rng-tools
 
 class install_rng-tools {
   package { 'rng-tools':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id127" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id127"><pre><code>
+[[packages]]
+name = "rng-tools"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id128" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id128"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rng-tools is installed
   package:
     name: rng-tools
@@ -8383,17 +8383,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id240" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id240"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=tmux
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id241" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id241"><pre><code>
-[[packages]]
-name = "tmux"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id242" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id242"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_tmux
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id241" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id241"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_tmux
 
 class install_tmux {
   package { 'tmux':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id242" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id242"><pre><code>
+[[packages]]
+name = "tmux"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id243" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id243"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure tmux is installed
   package:
     name: tmux
@@ -8599,17 +8599,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id256" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id256"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=kbd
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id257" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id257"><pre><code>
-[[packages]]
-name = "kbd"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id258" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id258"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_kbd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id257" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id257"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_kbd
 
 class install_kbd {
   package { 'kbd':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id258" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id258"><pre><code>
+[[packages]]
+name = "kbd"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id259" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id259"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure kbd is installed
   package:
     name: kbd
@@ -8657,17 +8657,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id262" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id262"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=opensc
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id263" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id263"><pre><code>
-[[packages]]
-name = "opensc"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id264" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id264"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_opensc
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id263" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id263"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_opensc
 
 class install_opensc {
   package { 'opensc':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id264" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id264"><pre><code>
+[[packages]]
+name = "opensc"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id265" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id265"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure opensc is installed
   package:
     name: opensc
@@ -8711,17 +8711,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id268" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id268"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=openssl-pkcs11
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id269" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id269"><pre><code>
-[[packages]]
-name = "openssl-pkcs11"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id270" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id270"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_openssl-pkcs11
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id269" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id269"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_openssl-pkcs11
 
 class install_openssl-pkcs11 {
   package { 'openssl-pkcs11':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id270" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id270"><pre><code>
+[[packages]]
+name = "openssl-pkcs11"
+version = "*"
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_service_debug-shell_disabled" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_service_debug-shell_disabled" id="guide-tree-leaf-id271" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-physical"><td style="padding-left: 76px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_service_debug-shell_disabled"><span class="label label-default">Rule</span>  
                                 Disable debug-shell SystemD Service
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_service_debug-shell_disabled">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">SystemD's <code>debug-shell</code> service is intended to
@@ -8757,10 +8757,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id273" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id273"><pre><code>
-[customizations.services]
-disabled = ["debug-shell"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id274" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id274"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_debug-shell
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id273" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id273"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_debug-shell
 
 class disable_debug-shell {
   service {'debug-shell':
@@ -8768,6 +8765,9 @@
     ensure =&gt; 'stopped',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id274" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id274"><pre><code>
+[customizations.services]
+disabled = ["debug-shell"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id275" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id275"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service debug-shell
   block:
 
@@ -10109,7 +10109,26 @@
 a container anyway.</div></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">If an account has an empty password, anyone could log in and
 run commands with the privileges of that account. Accounts with
 empty passwords should never be used in operational environments.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_empty_passwords</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">OL08-00-020331</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-248715r779711_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id314" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id314"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">OL08-00-020331</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-248715r779711_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id314" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id314"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/password-auth
+        overwrite: true
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/system-auth
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id315" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id315"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEM_AUTH="/etc/pam.d/system-auth"
@@ -10134,7 +10153,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id315" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id315"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id316" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id316"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
   ansible.builtin.stat:
     path: /usr/bin/authselect
   register: result_authselect_present
@@ -10285,25 +10304,6 @@
/usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-stig_gui.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-stig_gui.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-ol8-guide-stig_gui.html	2022-07-15 00:00:00.000000000 +0000
@@ -128,17 +128,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id16" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id16"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id17" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id17"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id18" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id18"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id17" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id17"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id18" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id18"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -3555,17 +3555,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id125" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id125"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rng-tools
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id126" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id126"><pre><code>
-[[packages]]
-name = "rng-tools"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id127" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id127"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rng-tools
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id126" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id126"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rng-tools
 
 class install_rng-tools {
   package { 'rng-tools':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id127" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id127"><pre><code>
+[[packages]]
+name = "rng-tools"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id128" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id128"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rng-tools is installed
   package:
     name: rng-tools
@@ -8389,17 +8389,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id240" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id240"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=tmux
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id241" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id241"><pre><code>
-[[packages]]
-name = "tmux"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id242" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id242"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_tmux
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id241" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id241"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_tmux
 
 class install_tmux {
   package { 'tmux':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id242" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id242"><pre><code>
+[[packages]]
+name = "tmux"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id243" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id243"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure tmux is installed
   package:
     name: tmux
@@ -8605,17 +8605,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id256" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id256"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=kbd
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id257" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id257"><pre><code>
-[[packages]]
-name = "kbd"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id258" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id258"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_kbd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id257" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id257"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_kbd
 
 class install_kbd {
   package { 'kbd':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id258" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id258"><pre><code>
+[[packages]]
+name = "kbd"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id259" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id259"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure kbd is installed
   package:
     name: kbd
@@ -8663,17 +8663,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id262" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id262"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=opensc
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id263" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id263"><pre><code>
-[[packages]]
-name = "opensc"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id264" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id264"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_opensc
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id263" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id263"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_opensc
 
 class install_opensc {
   package { 'opensc':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id264" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id264"><pre><code>
+[[packages]]
+name = "opensc"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id265" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id265"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure opensc is installed
   package:
     name: opensc
@@ -8717,17 +8717,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id268" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id268"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=openssl-pkcs11
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id269" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id269"><pre><code>
-[[packages]]
-name = "openssl-pkcs11"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id270" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id270"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_openssl-pkcs11
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id269" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id269"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_openssl-pkcs11
 
 class install_openssl-pkcs11 {
   package { 'openssl-pkcs11':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id270" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id270"><pre><code>
+[[packages]]
+name = "openssl-pkcs11"
+version = "*"
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_service_debug-shell_disabled" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_service_debug-shell_disabled" id="guide-tree-leaf-id271" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-physical"><td style="padding-left: 76px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_service_debug-shell_disabled"><span class="label label-default">Rule</span>  
                                 Disable debug-shell SystemD Service
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_service_debug-shell_disabled">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">SystemD's <code>debug-shell</code> service is intended to
@@ -8763,10 +8763,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id273" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id273"><pre><code>
-[customizations.services]
-disabled = ["debug-shell"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id274" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id274"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_debug-shell
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id273" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id273"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_debug-shell
 
 class disable_debug-shell {
   service {'debug-shell':
@@ -8774,6 +8771,9 @@
     ensure =&gt; 'stopped',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id274" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id274"><pre><code>
+[customizations.services]
+disabled = ["debug-shell"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id275" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id275"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service debug-shell
   block:
 
@@ -10115,7 +10115,26 @@
 a container anyway.</div></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">If an account has an empty password, anyone could log in and
 run commands with the privileges of that account. Accounts with
 empty passwords should never be used in operational environments.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_empty_passwords</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">OL08-00-020331</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-248715r779711_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id314" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id314"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">OL08-00-020331</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-248715r779711_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id314" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id314"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/password-auth
+        overwrite: true
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/system-auth
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id315" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id315"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEM_AUTH="/etc/pam.d/system-auth"
@@ -10140,7 +10159,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id315" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id315"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id316" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id316"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
   ansible.builtin.stat:
     path: /usr/bin/authselect
   register: result_authselect_present
@@ -10291,25 +10310,6 @@
/usr/share/doc/scap-security-guide/guides/ssg-ol9-guide-standard.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-ol9-guide-standard.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-ol9-guide-standard.html	2022-07-15 00:00:00.000000000 +0000
@@ -1047,7 +1047,26 @@
 a container anyway.</div></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">If an account has an empty password, anyone could log in and
 run commands with the privileges of that account. Accounts with
 empty passwords should never be used in operational environments.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_empty_passwords</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id39" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id39"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id39" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id39"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/password-auth
+        overwrite: true
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/system-auth
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id40" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id40"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEM_AUTH="/etc/pam.d/system-auth"
@@ -1072,7 +1091,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id40" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id40"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id41" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id41"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
   ansible.builtin.stat:
     path: /usr/bin/authselect
   register: result_authselect_present
@@ -1217,25 +1236,6 @@
     - medium_disruption
     - no_empty_passwords
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id41" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id41"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/password-auth
-        overwrite: true
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/system-auth
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_accounts-session" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts"><td style="padding-left: 57px" id="xccdf_org.ssgproject.content_group_accounts-session"><span class="label label-default">Group</span>  
                 Secure Session Configuration Files for Login Accounts
                           <small>Group contains 1 group and 2 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_accounts-session" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_accounts-session" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts"><td style="padding-left: 57px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_accounts-session">[ref]</a>  
@@ -28700,17 +28700,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id182" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id182"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rsyslog
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id183" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id183"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id184" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id184"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id183" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id183"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id184" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id184"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id185" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id185"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
@@ -28742,10 +28742,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id188" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id188"><pre><code>
-[customizations.services]
-enabled = ["rsyslog"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id189" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id189"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id188" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id188"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
 
 class enable_rsyslog {
   service {'rsyslog':
@@ -28753,6 +28750,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id189" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id189"><pre><code>
+[customizations.services]
+enabled = ["rsyslog"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id190" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id190"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service rsyslog
   block:
 
@@ -28960,10 +28960,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id200" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id200"><pre><code>
-[customizations.services]
-disabled = ["autofs"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id201" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id201"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_autofs
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id200" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id200"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_autofs
 
 class disable_autofs {
   service {'autofs':
@@ -28971,6 +28968,9 @@
     ensure =&gt; 'stopped',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id201" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id201"><pre><code>
+[customizations.services]
+disabled = ["autofs"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id202" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id202"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service autofs
   block:
 
@@ -29427,10 +29427,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id211" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id211"><pre><code>
-[customizations.services]
-disabled = ["abrtd"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id212" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id212"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_abrtd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id211" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id211"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_abrtd
 
 class disable_abrtd {
   service {'abrtd':
@@ -29438,6 +29435,9 @@
     ensure =&gt; 'stopped',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id212" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id212"><pre><code>
+[customizations.services]
+disabled = ["abrtd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id213" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id213"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service abrtd
   block:
 
@@ -29529,10 +29529,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id216" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id216"><pre><code>
-[customizations.services]
-disabled = ["ntpdate"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id217" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id217"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_ntpdate
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id216" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id216"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_ntpdate
 
 class disable_ntpdate {
   service {'ntpdate':
@@ -29540,6 +29537,9 @@
     ensure =&gt; 'stopped',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id217" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id217"><pre><code>
+[customizations.services]
+disabled = ["ntpdate"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id218" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id218"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service ntpdate
   block:
 
@@ -29633,10 +29633,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id221" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id221"><pre><code>
-[customizations.services]
-disabled = ["oddjobd"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id222" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id222"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_oddjobd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id221" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id221"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_oddjobd
 
 class disable_oddjobd {
   service {'oddjobd':
@@ -29644,6 +29641,9 @@
     ensure =&gt; 'stopped',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id222" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id222"><pre><code>
+[customizations.services]
+disabled = ["oddjobd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id223" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id223"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service oddjobd
   block:
 
@@ -29738,10 +29738,7 @@
 else
/usr/share/doc/scap-security-guide/guides/ssg-rhcos4-guide-high.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhcos4-guide-high.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhcos4-guide-high.html	2022-07-15 00:00:00.000000000 +0000
@@ -552,7 +552,8 @@
 on the machine through valid troubleshooting configurations and gaining root
 access when the system is rebooted.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_debug-shell_disabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-82496-1">CCE-82496-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation script ⇲</a><br><div class="panel-collapse collapse" id="id22"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>apiVersion: machineconfiguration.openshift.io/v1
+            <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
   config:
@@ -560,14 +561,9 @@
       version: 3.1.0
     systemd:
       units:
-      - name: debug-shell.service
-        enabled: false
-        mask: true
-      - name: debug-shell.socket
-        enabled: false
-        mask: true
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id23" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id23"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
+      - enabled: false
+        name: debug-shell.service
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id23" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation script ⇲</a><br><div class="panel-collapse collapse" id="id23"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
   config:
@@ -575,8 +571,12 @@
       version: 3.1.0
     systemd:
       units:
-      - enabled: false
-        name: debug-shell.service
+      - name: debug-shell.service
+        enabled: false
+        mask: true
+      - name: debug-shell.socket
+        enabled: false
+        mask: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_coreos_disable_interactive_boot" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_coreos_disable_interactive_boot" id="guide-tree-leaf-id24" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-physical"><td style="padding-left: 76px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_coreos_disable_interactive_boot"><span class="label label-default">Rule</span>  
                                 Verify that Interactive Boot is Disabled
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_coreos_disable_interactive_boot">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">Red Hat Enterprise Linux CoreOS 4 systems support an "interactive boot" option that can
@@ -6638,7 +6638,7 @@
 connections to Bluetooth devices, which entails some security risk.
 Nevertheless, variation in this risk decision may be expected due to the
 utility of Bluetooth connectivity and its limited range.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_bluetooth_disabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.16</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000085</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001551</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-18(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-18(3)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MP-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id358" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation script ⇲</a><br><div class="panel-collapse collapse" id="id358"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>apiVersion: machineconfiguration.openshift.io/v1
+            <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.16</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000085</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001551</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-18(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-18(3)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MP-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id358" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id358"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
   config:
@@ -6652,7 +6652,7 @@
       - name: bluetooth.socket
         enabled: false
         mask: true
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id359" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id359"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>apiVersion: machineconfiguration.openshift.io/v1
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id359" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation script ⇲</a><br><div class="panel-collapse collapse" id="id359"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
   config:
@@ -6941,7 +6941,8 @@
 Additionally, automatically mounting filesystems permits easy introduction of
 unknown devices, thereby facilitating malicious activity.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_autofs_disabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-82663-6">CCE-82663-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000778</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001958</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MP-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000114-GPOS-00059</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000378-GPOS-00163</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id377" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation script ⇲</a><br><div class="panel-collapse collapse" id="id377"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>apiVersion: machineconfiguration.openshift.io/v1
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000778</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001958</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MP-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000114-GPOS-00059</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000378-GPOS-00163</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id377" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id377"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
   config:
@@ -6949,14 +6950,9 @@
       version: 3.1.0
     systemd:
       units:
-      - name: autofs.service
-        enabled: false
-        mask: true
-      - name: autofs.socket
-        enabled: false
-        mask: true
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id378" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id378"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
+      - enabled: false
+        name: autofs.service
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id378" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation script ⇲</a><br><div class="panel-collapse collapse" id="id378"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
   config:
@@ -6964,8 +6960,12 @@
       version: 3.1.0
     systemd:
       units:
-      - enabled: false
-        name: autofs.service
+      - name: autofs.service
+        enabled: false
+        mask: true
+      - name: autofs.socket
+        enabled: false
+        mask: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_bios_disable_usb_boot" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_bios_disable_usb_boot" id="guide-tree-leaf-id379" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_mounting"><td style="padding-left: 76px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_bios_disable_usb_boot"><span class="label label-default">Rule</span>  
                                 Disable Booting from USB Devices in Boot Firmware
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_bios_disable_usb_boot">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">Configure the system boot firmware (historically called BIOS on PC
@@ -7234,7 +7234,7 @@
 terminates an application. The memory image could contain sensitive data
 and is generally useful only for developers trying to debug problems.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_systemd-coredump_disabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-82530-7">CCE-82530-7</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SC-7(10)</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_SMF_EXT.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id399" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation script ⇲</a><br><div class="panel-collapse collapse" id="id399"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>apiVersion: machineconfiguration.openshift.io/v1
+            <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SC-7(10)</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_SMF_EXT.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id399" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id399"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
   config:
@@ -7248,7 +7248,7 @@
       - name: systemd-coredump.socket
         enabled: false
         mask: true
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id400" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id400"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>apiVersion: machineconfiguration.openshift.io/v1
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id400" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation script ⇲</a><br><div class="panel-collapse collapse" id="id400"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
   config:
@@ -8251,7 +8251,7 @@
 
 This is unusual, as SSH is a common method for encrypted and authenticated
 remote access.</div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale"></div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">unknown</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_sshd_disabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-3(6)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-2(4)</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id448" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation script ⇲</a><br><div class="panel-collapse collapse" id="id448"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>apiVersion: machineconfiguration.openshift.io/v1
+            <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-3(6)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-2(4)</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id448" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id448"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
   config:
@@ -8265,7 +8265,7 @@
       - name: sshd.socket
         enabled: false
         mask: true
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id449" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id449"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>apiVersion: machineconfiguration.openshift.io/v1
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id449" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation script ⇲</a><br><div class="panel-collapse collapse" id="id449"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
   config:
/usr/share/doc/scap-security-guide/guides/ssg-rhcos4-guide-moderate.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhcos4-guide-moderate.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhcos4-guide-moderate.html	2022-07-15 00:00:00.000000000 +0000
@@ -552,7 +552,8 @@
 on the machine through valid troubleshooting configurations and gaining root
 access when the system is rebooted.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_debug-shell_disabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-82496-1">CCE-82496-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation script ⇲</a><br><div class="panel-collapse collapse" id="id22"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>apiVersion: machineconfiguration.openshift.io/v1
+            <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
   config:
@@ -560,14 +561,9 @@
       version: 3.1.0
     systemd:
       units:
-      - name: debug-shell.service
-        enabled: false
-        mask: true
-      - name: debug-shell.socket
-        enabled: false
-        mask: true
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id23" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id23"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
+      - enabled: false
+        name: debug-shell.service
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id23" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation script ⇲</a><br><div class="panel-collapse collapse" id="id23"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
   config:
@@ -575,8 +571,12 @@
       version: 3.1.0
     systemd:
       units:
-      - enabled: false
-        name: debug-shell.service
+      - name: debug-shell.service
+        enabled: false
+        mask: true
+      - name: debug-shell.socket
+        enabled: false
+        mask: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_coreos_disable_interactive_boot" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_coreos_disable_interactive_boot" id="guide-tree-leaf-id24" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-physical"><td style="padding-left: 76px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_coreos_disable_interactive_boot"><span class="label label-default">Rule</span>  
                                 Verify that Interactive Boot is Disabled
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_coreos_disable_interactive_boot">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">Red Hat Enterprise Linux CoreOS 4 systems support an "interactive boot" option that can
@@ -6638,7 +6638,7 @@
 connections to Bluetooth devices, which entails some security risk.
 Nevertheless, variation in this risk decision may be expected due to the
 utility of Bluetooth connectivity and its limited range.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_bluetooth_disabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.16</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000085</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001551</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-18(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-18(3)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MP-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id358" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation script ⇲</a><br><div class="panel-collapse collapse" id="id358"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>apiVersion: machineconfiguration.openshift.io/v1
+            <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.16</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000085</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001551</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-18(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-18(3)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MP-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id358" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id358"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
   config:
@@ -6652,7 +6652,7 @@
       - name: bluetooth.socket
         enabled: false
         mask: true
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id359" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id359"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>apiVersion: machineconfiguration.openshift.io/v1
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id359" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation script ⇲</a><br><div class="panel-collapse collapse" id="id359"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
   config:
@@ -6941,7 +6941,8 @@
 Additionally, automatically mounting filesystems permits easy introduction of
 unknown devices, thereby facilitating malicious activity.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_autofs_disabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-82663-6">CCE-82663-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000778</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001958</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MP-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000114-GPOS-00059</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000378-GPOS-00163</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id377" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation script ⇲</a><br><div class="panel-collapse collapse" id="id377"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>apiVersion: machineconfiguration.openshift.io/v1
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000778</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001958</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MP-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000114-GPOS-00059</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000378-GPOS-00163</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id377" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id377"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
   config:
@@ -6949,14 +6950,9 @@
       version: 3.1.0
     systemd:
       units:
-      - name: autofs.service
-        enabled: false
-        mask: true
-      - name: autofs.socket
-        enabled: false
-        mask: true
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id378" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id378"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
+      - enabled: false
+        name: autofs.service
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id378" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation script ⇲</a><br><div class="panel-collapse collapse" id="id378"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
   config:
@@ -6964,8 +6960,12 @@
       version: 3.1.0
     systemd:
       units:
-      - enabled: false
-        name: autofs.service
+      - name: autofs.service
+        enabled: false
+        mask: true
+      - name: autofs.socket
+        enabled: false
+        mask: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_bios_disable_usb_boot" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_bios_disable_usb_boot" id="guide-tree-leaf-id379" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_mounting"><td style="padding-left: 76px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_bios_disable_usb_boot"><span class="label label-default">Rule</span>  
                                 Disable Booting from USB Devices in Boot Firmware
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_bios_disable_usb_boot">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">Configure the system boot firmware (historically called BIOS on PC
@@ -7234,7 +7234,7 @@
 terminates an application. The memory image could contain sensitive data
 and is generally useful only for developers trying to debug problems.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_systemd-coredump_disabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-82530-7">CCE-82530-7</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SC-7(10)</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_SMF_EXT.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id399" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation script ⇲</a><br><div class="panel-collapse collapse" id="id399"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>apiVersion: machineconfiguration.openshift.io/v1
+            <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SC-7(10)</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_SMF_EXT.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id399" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id399"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
   config:
@@ -7248,7 +7248,7 @@
       - name: systemd-coredump.socket
         enabled: false
         mask: true
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id400" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id400"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>apiVersion: machineconfiguration.openshift.io/v1
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id400" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation script ⇲</a><br><div class="panel-collapse collapse" id="id400"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
   config:
/usr/share/doc/scap-security-guide/guides/ssg-rhcos4-guide-nerc-cip.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhcos4-guide-nerc-cip.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhcos4-guide-nerc-cip.html	2022-07-15 00:00:00.000000000 +0000
@@ -541,7 +541,8 @@
 on the machine through valid troubleshooting configurations and gaining root
 access when the system is rebooted.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_debug-shell_disabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-82496-1">CCE-82496-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation script ⇲</a><br><div class="panel-collapse collapse" id="id22"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>apiVersion: machineconfiguration.openshift.io/v1
+            <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
   config:
@@ -549,14 +550,9 @@
       version: 3.1.0
     systemd:
       units:
-      - name: debug-shell.service
-        enabled: false
-        mask: true
-      - name: debug-shell.socket
-        enabled: false
-        mask: true
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id23" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id23"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
+      - enabled: false
+        name: debug-shell.service
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id23" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation script ⇲</a><br><div class="panel-collapse collapse" id="id23"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
   config:
@@ -564,8 +560,12 @@
       version: 3.1.0
     systemd:
       units:
-      - enabled: false
-        name: debug-shell.service
+      - name: debug-shell.service
+        enabled: false
+        mask: true
+      - name: debug-shell.socket
+        enabled: false
+        mask: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_coreos_disable_interactive_boot" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_coreos_disable_interactive_boot" id="guide-tree-leaf-id24" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-physical"><td style="padding-left: 76px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_coreos_disable_interactive_boot"><span class="label label-default">Rule</span>  
                                 Verify that Interactive Boot is Disabled
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_coreos_disable_interactive_boot">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">Red Hat Enterprise Linux CoreOS 4 systems support an "interactive boot" option that can
@@ -6627,7 +6627,7 @@
 connections to Bluetooth devices, which entails some security risk.
 Nevertheless, variation in this risk decision may be expected due to the
 utility of Bluetooth connectivity and its limited range.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_bluetooth_disabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.16</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000085</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001551</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-18(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-18(3)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MP-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id358" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation script ⇲</a><br><div class="panel-collapse collapse" id="id358"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>apiVersion: machineconfiguration.openshift.io/v1
+            <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.16</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000085</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001551</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-18(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-18(3)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MP-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id358" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id358"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
   config:
@@ -6641,7 +6641,7 @@
       - name: bluetooth.socket
         enabled: false
         mask: true
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id359" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id359"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>apiVersion: machineconfiguration.openshift.io/v1
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id359" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation script ⇲</a><br><div class="panel-collapse collapse" id="id359"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
   config:
@@ -6930,7 +6930,8 @@
 Additionally, automatically mounting filesystems permits easy introduction of
 unknown devices, thereby facilitating malicious activity.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_autofs_disabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-82663-6">CCE-82663-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000778</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001958</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MP-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000114-GPOS-00059</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000378-GPOS-00163</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id377" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation script ⇲</a><br><div class="panel-collapse collapse" id="id377"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>apiVersion: machineconfiguration.openshift.io/v1
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000778</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001958</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">MP-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000114-GPOS-00059</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000378-GPOS-00163</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id377" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id377"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
   config:
@@ -6938,14 +6939,9 @@
       version: 3.1.0
     systemd:
       units:
-      - name: autofs.service
-        enabled: false
-        mask: true
-      - name: autofs.socket
-        enabled: false
-        mask: true
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id378" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id378"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
+      - enabled: false
+        name: autofs.service
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id378" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation script ⇲</a><br><div class="panel-collapse collapse" id="id378"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
   config:
@@ -6953,8 +6949,12 @@
       version: 3.1.0
     systemd:
       units:
-      - enabled: false
-        name: autofs.service
+      - name: autofs.service
+        enabled: false
+        mask: true
+      - name: autofs.socket
+        enabled: false
+        mask: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_bios_disable_usb_boot" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_bios_disable_usb_boot" id="guide-tree-leaf-id379" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_mounting"><td style="padding-left: 76px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_bios_disable_usb_boot"><span class="label label-default">Rule</span>  
                                 Disable Booting from USB Devices in Boot Firmware
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_bios_disable_usb_boot">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">Configure the system boot firmware (historically called BIOS on PC
@@ -7223,7 +7223,7 @@
 terminates an application. The memory image could contain sensitive data
 and is generally useful only for developers trying to debug problems.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_systemd-coredump_disabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-82530-7">CCE-82530-7</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SC-7(10)</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_SMF_EXT.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id399" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation script ⇲</a><br><div class="panel-collapse collapse" id="id399"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>apiVersion: machineconfiguration.openshift.io/v1
+            <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SC-7(10)</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_SMF_EXT.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id399" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id399"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
   config:
@@ -7237,7 +7237,7 @@
       - name: systemd-coredump.socket
         enabled: false
         mask: true
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id400" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id400"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>apiVersion: machineconfiguration.openshift.io/v1
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id400" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation script ⇲</a><br><div class="panel-collapse collapse" id="id400"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
   config:
/usr/share/doc/scap-security-guide/guides/ssg-rhcos4-guide-ospp.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhcos4-guide-ospp.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhcos4-guide-ospp.html	2022-07-15 00:00:00.000000000 +0000
@@ -512,7 +512,8 @@
 on the machine through valid troubleshooting configurations and gaining root
 access when the system is rebooted.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_debug-shell_disabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-82496-1">CCE-82496-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation script ⇲</a><br><div class="panel-collapse collapse" id="id26"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>apiVersion: machineconfiguration.openshift.io/v1
+            <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
   config:
@@ -520,14 +521,9 @@
       version: 3.1.0
     systemd:
       units:
-      - name: debug-shell.service
-        enabled: false
-        mask: true
-      - name: debug-shell.socket
-        enabled: false
-        mask: true
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id27" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id27"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
+      - enabled: false
+        name: debug-shell.service
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id27" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation script ⇲</a><br><div class="panel-collapse collapse" id="id27"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
   config:
@@ -535,8 +531,12 @@
       version: 3.1.0
     systemd:
       units:
-      - enabled: false
-        name: debug-shell.service
+      - name: debug-shell.service
+        enabled: false
+        mask: true
+      - name: debug-shell.socket
+        enabled: false
+        mask: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction" id="guide-tree-leaf-id28" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-physical"><td style="padding-left: 76px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction"><span class="label label-default">Rule</span>  
                                 Disable Ctrl-Alt-Del Burst Action
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">By default, <code>SystemD</code> will reboot the system if the <code>Ctrl-Alt-Del</code>
@@ -3073,7 +3073,7 @@
 terminates an application. The memory image could contain sensitive data
 and is generally useful only for developers trying to debug problems.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_systemd-coredump_disabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-82530-7">CCE-82530-7</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SC-7(10)</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_SMF_EXT.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id182" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation script ⇲</a><br><div class="panel-collapse collapse" id="id182"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>apiVersion: machineconfiguration.openshift.io/v1
+            <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SC-7(10)</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_SMF_EXT.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id182" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id182"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
   config:
@@ -3087,7 +3087,7 @@
       - name: systemd-coredump.socket
         enabled: false
         mask: true
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id183" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id183"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>apiVersion: machineconfiguration.openshift.io/v1
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id183" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation script ⇲</a><br><div class="panel-collapse collapse" id="id183"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
   config:
/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-C2S.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-C2S.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-C2S.html	2022-07-15 00:00:00.000000000 +0000
@@ -132,17 +132,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id25"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id27" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id27"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id27" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id27"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id28" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id28"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -3844,7 +3844,21 @@
 to privileged (root) access via su / sudo. This is required for FISMA Low
 and FISMA Moderate systems.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_direct_root_logins</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27294-8">CCE-27294-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R19)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.6</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">5.5</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id118" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id118"><pre><code># Remediation is applicable only in certain platforms
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R19)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.6</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">5.5</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id118" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id118"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,
+        mode: 0600
+        path: /etc/securetty
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id119" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id119"><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 echo &gt; /etc/securetty
@@ -3852,7 +3866,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id119" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id119"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Direct root Logins Not Allowed
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id120" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id120"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Direct root Logins Not Allowed
   copy:
     dest: /etc/securetty
     content: ''
@@ -3869,20 +3883,6 @@
     - no_direct_root_logins
     - no_reboot_needed
     - restrict_strategy
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id120" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id120"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,
-        mode: 0600
-        path: /etc/securetty
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_no_shelllogin_for_systemaccounts" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_no_shelllogin_for_systemaccounts" id="guide-tree-leaf-id121" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_root_logins"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_no_shelllogin_for_systemaccounts"><span class="label label-default">Rule</span>  
                                 Ensure that System Accounts Do Not Run a Shell Upon Login
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_no_shelllogin_for_systemaccounts">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">Some accounts are not associated with a human user of the system, and exist to
@@ -25991,7 +25991,21 @@
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_adjtimex</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27290-6">CCE-27290-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id209" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id209"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id209" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id209"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20adjtimex%20-k%20audit_time_rules%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20adjtimex%20-k%20audit_time_rules%0A }}
+        mode: 0600
+        path: /etc/audit/rules.d/75-syscall-adjtimex.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id210" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id210"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # Retrieve hardware architecture of the underlying system
@@ -26331,7 +26345,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id210" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id210"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id211" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id211"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -26648,20 +26662,6 @@
     - medium_severity
     - no_reboot_needed
     - restrict_strategy
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id211" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id211"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20adjtimex%20-k%20audit_time_rules%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20adjtimex%20-k%20audit_time_rules%0A }}
-        mode: 0600
-        path: /etc/audit/rules.d/75-syscall-adjtimex.rules
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime" id="guide-tree-leaf-id212" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_audit_time_rules"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime"><span class="label label-default">Rule</span>  
                                 Record Attempts to Alter Time Through clock_settime
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">If the <code>auditd</code> daemon is configured to use the
@@ -26686,7 +26686,21 @@
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27219-5">CCE-27219-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id213" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id213"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id213" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id213"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A }}
+        mode: 0600
+        path: /etc/audit/rules.d/75-syscall-clock-settime.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id214" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id214"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # First perform the remediation of the syscall rule
@@ -27014,7 +27028,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id214" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id214"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id215" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id215"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -27324,20 +27338,6 @@
     - medium_severity
     - no_reboot_needed
     - restrict_strategy
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id215" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id215"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A }}
-        mode: 0600
-        path: /etc/audit/rules.d/75-syscall-clock-settime.rules
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday" id="guide-tree-leaf-id216" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_audit_time_rules"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday"><span class="label label-default">Rule</span>  
                                 Record attempts to alter time through settimeofday
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">If the <code>auditd</code> daemon is configured to use the
@@ -27362,7 +27362,21 @@
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27216-1">CCE-27216-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id217" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id217"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id217" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id217"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20settimeofday%20-k%20audit_time_rules%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20settimeofday%20-k%20audit_time_rules%0A }}
/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-anssi_nt28_enhanced.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-anssi_nt28_enhanced.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-anssi_nt28_enhanced.html	2022-07-15 00:00:00.000000000 +0000
@@ -128,17 +128,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id25"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id27" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id27"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id27" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id27"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id28" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id28"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -474,17 +474,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id64" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id64"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=sudo
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id65" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id65"><pre><code>
-[[packages]]
-name = "sudo"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id66" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id66"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id65" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id65"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
 
 class install_sudo {
   package { 'sudo':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id66" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id66"><pre><code>
+[[packages]]
+name = "sudo"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id67" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id67"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure sudo is installed
   package:
     name: sudo
@@ -5086,7 +5086,21 @@
 to privileged (root) access via su / sudo. This is required for FISMA Low
 and FISMA Moderate systems.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_direct_root_logins</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27294-8">CCE-27294-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R19)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.6</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">5.5</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id163" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id163"><pre><code># Remediation is applicable only in certain platforms
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R19)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.6</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">5.5</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id163" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id163"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,
+        mode: 0600
+        path: /etc/securetty
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id164" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id164"><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 echo &gt; /etc/securetty
@@ -5094,7 +5108,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id164" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id164"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Direct root Logins Not Allowed
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id165" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id165"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Direct root Logins Not Allowed
   copy:
     dest: /etc/securetty
     content: ''
@@ -5111,20 +5125,6 @@
     - no_direct_root_logins
     - no_reboot_needed
     - restrict_strategy
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id165" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id165"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,
-        mode: 0600
-        path: /etc/securetty
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_accounts-session" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts"><td style="padding-left: 57px" id="xccdf_org.ssgproject.content_group_accounts-session"><span class="label label-default">Group</span>  
                 Secure Session Configuration Files for Login Accounts
                           <small>Group contains 1 group and 6 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_accounts-session" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_accounts-session" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts"><td style="padding-left: 57px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_accounts-session">[ref]</a>  
@@ -6436,7 +6436,21 @@
 that they fill up the /var/log partition. Valuable logging information could be lost
 if the /var/log partition becomes full.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_ensure_logrotate_activated</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80195-1">CCE-80195-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R43)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT12(R18)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.7</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id194" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id194"><pre><code># Remediation is applicable only in certain platforms
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R43)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT12(R18)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.7</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id194" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id194"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ %23%20see%20%22man%20logrotate%22%20for%20details%0A%23%20rotate%20log%20files%20daily%0Adaily%0A%0A%23%20keep%204%20weeks%20worth%20of%20backlogs%0Arotate%2030%0A%0A%23%20create%20new%20%28empty%29%20log%20files%20after%20rotating%20old%20ones%0Acreate%0A%0A%23%20use%20date%20as%20a%20suffix%20of%20the%20rotated%20file%0Adateext%0A%0A%23%20uncomment%20this%20if%20you%20want%20your%20log%20files%20compressed%0A%23compress%0A%0A%23%20RPM%20packages%20drop%20log%20rotation%20information%20into%20this%20directory%0Ainclude%20/etc/logrotate.d%0A%0A%23%20system-specific%20logs%20may%20be%20also%20be%20configured%20here. }}
+        mode: 0644
+        path: /etc/logrotate.conf
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id195" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id195"><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 LOGROTATE_CONF_FILE="/etc/logrotate.conf"
@@ -6457,7 +6471,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id195" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id195"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Configure daily log rotation in /etc/logrotate.conf
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id196" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id196"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Configure daily log rotation in /etc/logrotate.conf
   lineinfile:
     create: true
     dest: /etc/logrotate.conf
@@ -6519,20 +6533,6 @@
     - low_disruption
     - medium_severity
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id196" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id196"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,{{ %23%20see%20%22man%20logrotate%22%20for%20details%0A%23%20rotate%20log%20files%20daily%0Adaily%0A%0A%23%20keep%204%20weeks%20worth%20of%20backlogs%0Arotate%2030%0A%0A%23%20create%20new%20%28empty%29%20log%20files%20after%20rotating%20old%20ones%0Acreate%0A%0A%23%20use%20date%20as%20a%20suffix%20of%20the%20rotated%20file%0Adateext%0A%0A%23%20uncomment%20this%20if%20you%20want%20your%20log%20files%20compressed%0A%23compress%0A%0A%23%20RPM%20packages%20drop%20log%20rotation%20information%20into%20this%20directory%0Ainclude%20/etc/logrotate.d%0A%0A%23%20system-specific%20logs%20may%20be%20also%20be%20configured%20here. }}
-        mode: 0644
-        path: /etc/logrotate.conf
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_rsyslog_sending_messages" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_logging"><td style="padding-left: 57px" id="xccdf_org.ssgproject.content_group_rsyslog_sending_messages"><span class="label label-default">Group</span>  
                 Rsyslog Logs Sent To Remote Host
                           <small>Group contains 3 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_rsyslog_sending_messages" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_rsyslog_sending_messages" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_logging"><td style="padding-left: 57px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_rsyslog_sending_messages">[ref]</a>  
@@ -6686,17 +6686,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id204" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id204"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rsyslog-gnutls
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id205" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id205"><pre><code>
-[[packages]]
-name = "rsyslog-gnutls"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id206" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id206"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog-gnutls
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id205" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id205"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog-gnutls
 
 class install_rsyslog-gnutls {
   package { 'rsyslog-gnutls':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id206" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id206"><pre><code>
+[[packages]]
+name = "rsyslog-gnutls"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id207" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id207"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog-gnutls is installed
   package:
     name: rsyslog-gnutls
@@ -6727,17 +6727,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id210" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id210"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rsyslog
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id211" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id211"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id212" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id212"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id211" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id211"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id212" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id212"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id213" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id213"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-anssi_nt28_high.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-anssi_nt28_high.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-anssi_nt28_high.html	2022-07-15 00:00:00.000000000 +0000
@@ -128,17 +128,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id25"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id27" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id27"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id27" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id27"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id28" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id28"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -807,17 +807,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id74" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id74"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=sudo
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id75" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id75"><pre><code>
-[[packages]]
-name = "sudo"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id76" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id76"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id75" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id75"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
 
 class install_sudo {
   package { 'sudo':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id76" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id76"><pre><code>
+[[packages]]
+name = "sudo"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id77" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id77"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure sudo is installed
   package:
     name: sudo
@@ -5419,7 +5419,21 @@
 to privileged (root) access via su / sudo. This is required for FISMA Low
 and FISMA Moderate systems.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_direct_root_logins</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27294-8">CCE-27294-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R19)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.6</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">5.5</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id173" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id173"><pre><code># Remediation is applicable only in certain platforms
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R19)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.6</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">5.5</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id173" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id173"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,
+        mode: 0600
+        path: /etc/securetty
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id174" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id174"><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 echo &gt; /etc/securetty
@@ -5427,7 +5441,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id174" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id174"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Direct root Logins Not Allowed
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id175" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id175"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Direct root Logins Not Allowed
   copy:
     dest: /etc/securetty
     content: ''
@@ -5444,20 +5458,6 @@
     - no_direct_root_logins
     - no_reboot_needed
     - restrict_strategy
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id175" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id175"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,
-        mode: 0600
-        path: /etc/securetty
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_accounts-session" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts"><td style="padding-left: 57px" id="xccdf_org.ssgproject.content_group_accounts-session"><span class="label label-default">Group</span>  
                 Secure Session Configuration Files for Login Accounts
                           <small>Group contains 1 group and 6 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_accounts-session" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_accounts-session" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts"><td style="padding-left: 57px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_accounts-session">[ref]</a>  
@@ -6877,7 +6877,21 @@
 that they fill up the /var/log partition. Valuable logging information could be lost
 if the /var/log partition becomes full.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_ensure_logrotate_activated</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80195-1">CCE-80195-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R43)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT12(R18)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.7</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id208" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id208"><pre><code># Remediation is applicable only in certain platforms
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R43)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT12(R18)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.7</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id208" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id208"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ %23%20see%20%22man%20logrotate%22%20for%20details%0A%23%20rotate%20log%20files%20daily%0Adaily%0A%0A%23%20keep%204%20weeks%20worth%20of%20backlogs%0Arotate%2030%0A%0A%23%20create%20new%20%28empty%29%20log%20files%20after%20rotating%20old%20ones%0Acreate%0A%0A%23%20use%20date%20as%20a%20suffix%20of%20the%20rotated%20file%0Adateext%0A%0A%23%20uncomment%20this%20if%20you%20want%20your%20log%20files%20compressed%0A%23compress%0A%0A%23%20RPM%20packages%20drop%20log%20rotation%20information%20into%20this%20directory%0Ainclude%20/etc/logrotate.d%0A%0A%23%20system-specific%20logs%20may%20be%20also%20be%20configured%20here. }}
+        mode: 0644
+        path: /etc/logrotate.conf
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id209" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id209"><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 LOGROTATE_CONF_FILE="/etc/logrotate.conf"
@@ -6898,7 +6912,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id209" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id209"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Configure daily log rotation in /etc/logrotate.conf
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id210" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id210"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Configure daily log rotation in /etc/logrotate.conf
   lineinfile:
     create: true
     dest: /etc/logrotate.conf
@@ -6960,20 +6974,6 @@
     - low_disruption
     - medium_severity
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id210" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id210"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,{{ %23%20see%20%22man%20logrotate%22%20for%20details%0A%23%20rotate%20log%20files%20daily%0Adaily%0A%0A%23%20keep%204%20weeks%20worth%20of%20backlogs%0Arotate%2030%0A%0A%23%20create%20new%20%28empty%29%20log%20files%20after%20rotating%20old%20ones%0Acreate%0A%0A%23%20use%20date%20as%20a%20suffix%20of%20the%20rotated%20file%0Adateext%0A%0A%23%20uncomment%20this%20if%20you%20want%20your%20log%20files%20compressed%0A%23compress%0A%0A%23%20RPM%20packages%20drop%20log%20rotation%20information%20into%20this%20directory%0Ainclude%20/etc/logrotate.d%0A%0A%23%20system-specific%20logs%20may%20be%20also%20be%20configured%20here. }}
-        mode: 0644
-        path: /etc/logrotate.conf
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_rsyslog_sending_messages" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_logging"><td style="padding-left: 57px" id="xccdf_org.ssgproject.content_group_rsyslog_sending_messages"><span class="label label-default">Group</span>  
                 Rsyslog Logs Sent To Remote Host
                           <small>Group contains 3 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_rsyslog_sending_messages" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_rsyslog_sending_messages" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_logging"><td style="padding-left: 57px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_rsyslog_sending_messages">[ref]</a>  
@@ -7127,17 +7127,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id218" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id218"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rsyslog-gnutls
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id219" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id219"><pre><code>
-[[packages]]
-name = "rsyslog-gnutls"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id220" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id220"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog-gnutls
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id219" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id219"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog-gnutls
 
 class install_rsyslog-gnutls {
   package { 'rsyslog-gnutls':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id220" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id220"><pre><code>
+[[packages]]
+name = "rsyslog-gnutls"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id221" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id221"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog-gnutls is installed
   package:
     name: rsyslog-gnutls
@@ -7168,17 +7168,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id224" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id224"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rsyslog
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id225" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id225"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id226" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id226"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id225" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id225"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id226" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id226"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id227" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id227"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-anssi_nt28_intermediary.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-anssi_nt28_intermediary.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-anssi_nt28_intermediary.html	2022-07-15 00:00:00.000000000 +0000
@@ -128,17 +128,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id25"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id27" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id27"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id27" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id27"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id28" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id28"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -474,17 +474,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id64" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id64"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=sudo
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id65" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id65"><pre><code>
-[[packages]]
-name = "sudo"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id66" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id66"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id65" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id65"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
 
 class install_sudo {
   package { 'sudo':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id66" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id66"><pre><code>
+[[packages]]
+name = "sudo"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id67" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id67"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure sudo is installed
   package:
     name: sudo
@@ -5086,7 +5086,21 @@
 to privileged (root) access via su / sudo. This is required for FISMA Low
 and FISMA Moderate systems.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_direct_root_logins</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27294-8">CCE-27294-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R19)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.6</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">5.5</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id163" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id163"><pre><code># Remediation is applicable only in certain platforms
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R19)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.6</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">5.5</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id163" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id163"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,
+        mode: 0600
+        path: /etc/securetty
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id164" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id164"><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 echo &gt; /etc/securetty
@@ -5094,7 +5108,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id164" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id164"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Direct root Logins Not Allowed
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id165" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id165"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Direct root Logins Not Allowed
   copy:
     dest: /etc/securetty
     content: ''
@@ -5111,20 +5125,6 @@
     - no_direct_root_logins
     - no_reboot_needed
     - restrict_strategy
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id165" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id165"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,
-        mode: 0600
-        path: /etc/securetty
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_accounts-session" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts"><td style="padding-left: 57px" id="xccdf_org.ssgproject.content_group_accounts-session"><span class="label label-default">Group</span>  
                 Secure Session Configuration Files for Login Accounts
                           <small>Group contains 2 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_accounts-session" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_accounts-session" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts"><td style="padding-left: 57px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_accounts-session">[ref]</a>  
@@ -6055,7 +6055,21 @@
 that they fill up the /var/log partition. Valuable logging information could be lost
 if the /var/log partition becomes full.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_ensure_logrotate_activated</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80195-1">CCE-80195-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R43)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT12(R18)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.7</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id180" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id180"><pre><code># Remediation is applicable only in certain platforms
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R43)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT12(R18)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.7</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id180" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id180"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ %23%20see%20%22man%20logrotate%22%20for%20details%0A%23%20rotate%20log%20files%20daily%0Adaily%0A%0A%23%20keep%204%20weeks%20worth%20of%20backlogs%0Arotate%2030%0A%0A%23%20create%20new%20%28empty%29%20log%20files%20after%20rotating%20old%20ones%0Acreate%0A%0A%23%20use%20date%20as%20a%20suffix%20of%20the%20rotated%20file%0Adateext%0A%0A%23%20uncomment%20this%20if%20you%20want%20your%20log%20files%20compressed%0A%23compress%0A%0A%23%20RPM%20packages%20drop%20log%20rotation%20information%20into%20this%20directory%0Ainclude%20/etc/logrotate.d%0A%0A%23%20system-specific%20logs%20may%20be%20also%20be%20configured%20here. }}
+        mode: 0644
+        path: /etc/logrotate.conf
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id181" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id181"><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 LOGROTATE_CONF_FILE="/etc/logrotate.conf"
@@ -6076,7 +6090,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id181" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id181"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Configure daily log rotation in /etc/logrotate.conf
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id182" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id182"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Configure daily log rotation in /etc/logrotate.conf
   lineinfile:
     create: true
     dest: /etc/logrotate.conf
@@ -6138,20 +6152,6 @@
     - low_disruption
     - medium_severity
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id182" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id182"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,{{ %23%20see%20%22man%20logrotate%22%20for%20details%0A%23%20rotate%20log%20files%20daily%0Adaily%0A%0A%23%20keep%204%20weeks%20worth%20of%20backlogs%0Arotate%2030%0A%0A%23%20create%20new%20%28empty%29%20log%20files%20after%20rotating%20old%20ones%0Acreate%0A%0A%23%20use%20date%20as%20a%20suffix%20of%20the%20rotated%20file%0Adateext%0A%0A%23%20uncomment%20this%20if%20you%20want%20your%20log%20files%20compressed%0A%23compress%0A%0A%23%20RPM%20packages%20drop%20log%20rotation%20information%20into%20this%20directory%0Ainclude%20/etc/logrotate.d%0A%0A%23%20system-specific%20logs%20may%20be%20also%20be%20configured%20here. }}
-        mode: 0644
-        path: /etc/logrotate.conf
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_rsyslog_sending_messages" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_logging"><td style="padding-left: 57px" id="xccdf_org.ssgproject.content_group_rsyslog_sending_messages"><span class="label label-default">Group</span>  
                 Rsyslog Logs Sent To Remote Host
                           <small>Group contains 3 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_rsyslog_sending_messages" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_rsyslog_sending_messages" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_logging"><td style="padding-left: 57px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_rsyslog_sending_messages">[ref]</a>  
@@ -6305,17 +6305,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id190" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id190"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rsyslog-gnutls
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id191" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id191"><pre><code>
-[[packages]]
-name = "rsyslog-gnutls"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id192" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id192"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog-gnutls
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id191" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id191"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog-gnutls
 
 class install_rsyslog-gnutls {
   package { 'rsyslog-gnutls':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id192" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id192"><pre><code>
+[[packages]]
+name = "rsyslog-gnutls"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id193" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id193"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog-gnutls is installed
   package:
     name: rsyslog-gnutls
@@ -6346,17 +6346,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id196" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id196"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rsyslog
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id197" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id197"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id198" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id198"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id197" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id197"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id198" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id198"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id199" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id199"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-anssi_nt28_minimal.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-anssi_nt28_minimal.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-anssi_nt28_minimal.html	2022-07-15 00:00:00.000000000 +0000
@@ -4197,17 +4197,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id90" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id90"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rsyslog
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id91" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id91"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id92" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id92"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id91" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id91"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id92" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id92"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id93" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id93"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
@@ -4241,10 +4241,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id96" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id96"><pre><code>
-[customizations.services]
-enabled = ["rsyslog"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id97" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id97"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id96" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id96"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
 
 class enable_rsyslog {
   service {'rsyslog':
@@ -4252,6 +4249,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id97" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id97"><pre><code>
+[customizations.services]
+enabled = ["rsyslog"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id98" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id98"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service rsyslog
   block:
 
/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-cis.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-cis.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-cis.html	2022-07-15 00:00:00.000000000 +0000
@@ -127,17 +127,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id25"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id27" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id27"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id27" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id27"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id28" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id28"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -804,17 +804,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id63" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id63"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=sudo
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id64" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id64"><pre><code>
-[[packages]]
-name = "sudo"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id65" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id65"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id64" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id64"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
 
 class install_sudo {
   package { 'sudo':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id65" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id65"><pre><code>
+[[packages]]
+name = "sudo"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id66" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id66"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure sudo is installed
   package:
     name: sudo
@@ -22802,7 +22802,21 @@
 the kernel and potentially introduce malicious code into kernel space. It is important
 to have an audit trail of modules that have been introduced into the kernel.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_delete</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80415-3">CCE-80415-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00216</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000477-GPOS-00222</a>, <a href="">SRG-OS-000477-VMM-001970</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-07-030830</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.16</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-204562r603261_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id247" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id247"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00216</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000477-GPOS-00222</a>, <a href="">SRG-OS-000477-VMM-001970</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-07-030830</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.16</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-204562r603261_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id247" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id247"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20delete_module%20-k%20module-change%0A-a%20always%2Cexit%20-F%20arch%3Db64%20-S%20delete_module%20-k%20module-change%0A
+        mode: 0600
+        path: /etc/audit/rules.d/75-kernel-module-loading-delete.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id248" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id248"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # First perform the remediation of the syscall rule
@@ -23136,7 +23150,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id248" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id248"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id249" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id249"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -23442,20 +23456,6 @@
     - low_disruption
     - medium_severity
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id249" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id249"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20delete_module%20-k%20module-change%0A-a%20always%2Cexit%20-F%20arch%3Db64%20-S%20delete_module%20-k%20module-change%0A
-        mode: 0600
-        path: /etc/audit/rules.d/75-kernel-module-loading-delete.rules
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init" id="guide-tree-leaf-id250" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_audit_kernel_module_loading"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init"><span class="label label-default">Rule</span>  
                                 Ensure auditd Collects Information on Kernel Module Loading - init_module
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">To capture kernel module loading events, use following line, setting ARCH to
@@ -23473,7 +23473,21 @@
 the kernel and potentially introduce malicious code into kernel space. It is important
 to have an audit trail of modules that have been introduced into the kernel.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80414-6">CCE-80414-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00216</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000477-GPOS-00222</a>, <a href="">SRG-OS-000477-VMM-001970</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-07-030820</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.16</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-204560r809822_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id251" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id251"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00216</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000477-GPOS-00222</a>, <a href="">SRG-OS-000477-VMM-001970</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-07-030820</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.16</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-204560r809822_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id251" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id251"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20init_module%20-k%20module-change%0A-a%20always%2Cexit%20-F%20arch%3Db64%20-S%20init_module%20-k%20module-change%0A
+        mode: 0600
+        path: /etc/audit/rules.d/75-kernel-module-loading-init.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id252" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id252"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # First perform the remediation of the syscall rule
@@ -23807,7 +23821,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id252" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id252"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id253" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id253"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -24121,20 +24135,6 @@
     - low_disruption
     - medium_severity
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id253" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id253"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20init_module%20-k%20module-change%0A-a%20always%2Cexit%20-F%20arch%3Db64%20-S%20init_module%20-k%20module-change%0A
-        mode: 0600
-        path: /etc/audit/rules.d/75-kernel-module-loading-init.rules
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_audit_login_events" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_auditd_configure_rules"><td style="padding-left: 76px" id="xccdf_org.ssgproject.content_group_audit_login_events"><span class="label label-default">Group</span>  
                 Record Attempts to Alter Logon and Logout Events
                           <small>Group contains 2 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_audit_login_events" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_audit_login_events" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_auditd_configure_rules"><td style="padding-left: 76px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_audit_login_events">[ref]</a>  
@@ -25791,7 +25791,21 @@
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_adjtimex</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27290-6">CCE-27290-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id270" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id270"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id270" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id270"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20adjtimex%20-k%20audit_time_rules%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20adjtimex%20-k%20audit_time_rules%0A }}
+        mode: 0600
+        path: /etc/audit/rules.d/75-syscall-adjtimex.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id271" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id271"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # Retrieve hardware architecture of the underlying system
@@ -26131,7 +26145,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id271" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id271"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id272" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id272"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -26448,20 +26462,6 @@
     - medium_severity
     - no_reboot_needed
     - restrict_strategy
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id272" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id272"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-cis_server_l1.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-cis_server_l1.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-cis_server_l1.html	2022-07-15 00:00:00.000000000 +0000
@@ -127,17 +127,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id25"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id27" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id27"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id27" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id27"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id28" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id28"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -724,17 +724,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id48" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id48"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=sudo
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id49" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id49"><pre><code>
-[[packages]]
-name = "sudo"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id50" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id50"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id49" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id49"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
 
 class install_sudo {
   package { 'sudo':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id50" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id50"><pre><code>
+[[packages]]
+name = "sudo"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id51" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id51"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure sudo is installed
   package:
     name: sudo
@@ -5108,17 +5108,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id199" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id199"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rsyslog
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id200" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id200"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id201" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id201"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id200" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id200"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id201" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id201"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id202" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id202"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
@@ -5152,10 +5152,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id205" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id205"><pre><code>
-[customizations.services]
-enabled = ["rsyslog"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id206" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id206"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id205" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id205"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
 
 class enable_rsyslog {
   service {'rsyslog':
@@ -5163,6 +5160,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id206" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id206"><pre><code>
+[customizations.services]
+enabled = ["rsyslog"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id207" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id207"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service rsyslog
   block:
 
@@ -5312,17 +5312,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id210" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id210"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=firewalld
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id211" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id211"><pre><code>
-[[packages]]
-name = "firewalld"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id212" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id212"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_firewalld
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id211" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id211"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_firewalld
 
 class install_firewalld {
   package { 'firewalld':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id212" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id212"><pre><code>
+[[packages]]
+name = "firewalld"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id213" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id213"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure firewalld is installed
   package:
     name: firewalld
@@ -5356,10 +5356,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id216" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id216"><pre><code>
-[customizations.services]
-enabled = ["firewalld"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id217" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id217"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_firewalld
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id216" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id216"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_firewalld
 
 class enable_firewalld {
   service {'firewalld':
@@ -5367,6 +5364,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id217" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id217"><pre><code>
+[customizations.services]
+enabled = ["firewalld"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id218" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id218"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service firewalld
   block:
 
@@ -5467,17 +5467,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id222" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id222"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=iptables
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id223" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id223"><pre><code>
-[[packages]]
-name = "iptables"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id224" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id224"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_iptables
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id223" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id223"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_iptables
 
 class install_iptables {
   package { 'iptables':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id224" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id224"><pre><code>
+[[packages]]
+name = "iptables"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id225" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id225"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure iptables is installed
   package:
     name: iptables
@@ -5511,7 +5511,21 @@
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_ra">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">To set the runtime status of the <code>net.ipv6.conf.all.accept_ra</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w net.ipv6.conf.all.accept_ra=0</pre>
 To make sure that the setting is persistent, add the following line to a file in the directory <code>/etc/sysctl.d</code>: <pre>net.ipv6.conf.all.accept_ra = 0</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">An illicit router advertisement message could result in a man-in-the-middle attack.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_ra</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80180-3">CCE-80180-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.20</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">3.3.9</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id227" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id227"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.20</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">3.3.9</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id227" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id227"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,net.ipv6.conf.all.accept_ra%3D0%0A
+        mode: 0644
+        path: /etc/sysctl.d/75-sysctl_net_ipv6_conf_all_accept_ra.conf
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id228" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id228"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 # Comment out any occurrences of net.ipv6.conf.all.accept_ra from /etc/sysctl.d/*.conf files
@@ -5565,7 +5579,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id228" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id228"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: List /etc/sysctl.d/*.conf files
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id229" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id229"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: List /etc/sysctl.d/*.conf files
   find:
     paths:
       - /etc/sysctl.d/
@@ -5633,7 +5647,12 @@
     - medium_severity
     - reboot_required
     - sysctl_net_ipv6_conf_all_accept_ra
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id229" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id229"><pre><code>---
+</code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects" id="guide-tree-leaf-id230" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_configuring_ipv6"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects"><span class="label label-default">Rule</span>  
+                                Disable Accepting ICMP Redirects for All IPv6 Interfaces
/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-cis_workstation_l1.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-cis_workstation_l1.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-cis_workstation_l1.html	2022-07-15 00:00:00.000000000 +0000
@@ -127,17 +127,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id25"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id27" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id27"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id27" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id27"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id28" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id28"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -724,17 +724,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id48" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id48"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=sudo
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id49" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id49"><pre><code>
-[[packages]]
-name = "sudo"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id50" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id50"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id49" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id49"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
 
 class install_sudo {
   package { 'sudo':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id50" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id50"><pre><code>
+[[packages]]
+name = "sudo"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id51" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id51"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure sudo is installed
   package:
     name: sudo
@@ -5108,17 +5108,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id199" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id199"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rsyslog
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id200" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id200"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id201" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id201"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id200" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id200"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id201" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id201"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id202" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id202"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
@@ -5152,10 +5152,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id205" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id205"><pre><code>
-[customizations.services]
-enabled = ["rsyslog"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id206" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id206"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id205" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id205"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
 
 class enable_rsyslog {
   service {'rsyslog':
@@ -5163,6 +5160,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id206" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id206"><pre><code>
+[customizations.services]
+enabled = ["rsyslog"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id207" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id207"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service rsyslog
   block:
 
@@ -5312,17 +5312,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id210" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id210"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=firewalld
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id211" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id211"><pre><code>
-[[packages]]
-name = "firewalld"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id212" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id212"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_firewalld
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id211" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id211"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_firewalld
 
 class install_firewalld {
   package { 'firewalld':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id212" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id212"><pre><code>
+[[packages]]
+name = "firewalld"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id213" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id213"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure firewalld is installed
   package:
     name: firewalld
@@ -5356,10 +5356,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id216" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id216"><pre><code>
-[customizations.services]
-enabled = ["firewalld"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id217" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id217"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_firewalld
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id216" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id216"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_firewalld
 
 class enable_firewalld {
   service {'firewalld':
@@ -5367,6 +5364,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id217" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id217"><pre><code>
+[customizations.services]
+enabled = ["firewalld"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id218" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id218"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service firewalld
   block:
 
@@ -5467,17 +5467,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id222" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id222"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=iptables
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id223" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id223"><pre><code>
-[[packages]]
-name = "iptables"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id224" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id224"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_iptables
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id223" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id223"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_iptables
 
 class install_iptables {
   package { 'iptables':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id224" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id224"><pre><code>
+[[packages]]
+name = "iptables"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id225" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id225"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure iptables is installed
   package:
     name: iptables
@@ -5511,7 +5511,21 @@
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_ra">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">To set the runtime status of the <code>net.ipv6.conf.all.accept_ra</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w net.ipv6.conf.all.accept_ra=0</pre>
 To make sure that the setting is persistent, add the following line to a file in the directory <code>/etc/sysctl.d</code>: <pre>net.ipv6.conf.all.accept_ra = 0</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">An illicit router advertisement message could result in a man-in-the-middle attack.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_ra</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80180-3">CCE-80180-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.20</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">3.3.9</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id227" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id227"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.20</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">3.3.9</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id227" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id227"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,net.ipv6.conf.all.accept_ra%3D0%0A
+        mode: 0644
+        path: /etc/sysctl.d/75-sysctl_net_ipv6_conf_all_accept_ra.conf
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id228" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id228"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 # Comment out any occurrences of net.ipv6.conf.all.accept_ra from /etc/sysctl.d/*.conf files
@@ -5565,7 +5579,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id228" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id228"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: List /etc/sysctl.d/*.conf files
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id229" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id229"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: List /etc/sysctl.d/*.conf files
   find:
     paths:
       - /etc/sysctl.d/
@@ -5633,7 +5647,12 @@
     - medium_severity
     - reboot_required
     - sysctl_net_ipv6_conf_all_accept_ra
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id229" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id229"><pre><code>---
+</code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects" id="guide-tree-leaf-id230" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_configuring_ipv6"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects"><span class="label label-default">Rule</span>  
+                                Disable Accepting ICMP Redirects for All IPv6 Interfaces
/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-cis_workstation_l2.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-cis_workstation_l2.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-cis_workstation_l2.html	2022-07-15 00:00:00.000000000 +0000
@@ -127,17 +127,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id25"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id27" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id27"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id27" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id27"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id28" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id28"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -804,17 +804,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id63" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id63"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=sudo
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id64" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id64"><pre><code>
-[[packages]]
-name = "sudo"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id65" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id65"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id64" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id64"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
 
 class install_sudo {
   package { 'sudo':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id65" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id65"><pre><code>
+[[packages]]
+name = "sudo"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id66" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id66"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure sudo is installed
   package:
     name: sudo
@@ -22802,7 +22802,21 @@
 the kernel and potentially introduce malicious code into kernel space. It is important
 to have an audit trail of modules that have been introduced into the kernel.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_delete</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80415-3">CCE-80415-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00216</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000477-GPOS-00222</a>, <a href="">SRG-OS-000477-VMM-001970</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-07-030830</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.16</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-204562r603261_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id247" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id247"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00216</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000477-GPOS-00222</a>, <a href="">SRG-OS-000477-VMM-001970</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-07-030830</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.16</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-204562r603261_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id247" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id247"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20delete_module%20-k%20module-change%0A-a%20always%2Cexit%20-F%20arch%3Db64%20-S%20delete_module%20-k%20module-change%0A
+        mode: 0600
+        path: /etc/audit/rules.d/75-kernel-module-loading-delete.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id248" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id248"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # First perform the remediation of the syscall rule
@@ -23136,7 +23150,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id248" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id248"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id249" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id249"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -23442,20 +23456,6 @@
     - low_disruption
     - medium_severity
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id249" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id249"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20delete_module%20-k%20module-change%0A-a%20always%2Cexit%20-F%20arch%3Db64%20-S%20delete_module%20-k%20module-change%0A
-        mode: 0600
-        path: /etc/audit/rules.d/75-kernel-module-loading-delete.rules
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init" id="guide-tree-leaf-id250" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_audit_kernel_module_loading"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init"><span class="label label-default">Rule</span>  
                                 Ensure auditd Collects Information on Kernel Module Loading - init_module
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">To capture kernel module loading events, use following line, setting ARCH to
@@ -23473,7 +23473,21 @@
 the kernel and potentially introduce malicious code into kernel space. It is important
 to have an audit trail of modules that have been introduced into the kernel.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80414-6">CCE-80414-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00216</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000477-GPOS-00222</a>, <a href="">SRG-OS-000477-VMM-001970</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-07-030820</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.16</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-204560r809822_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id251" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id251"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00216</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000477-GPOS-00222</a>, <a href="">SRG-OS-000477-VMM-001970</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-07-030820</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.16</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-204560r809822_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id251" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id251"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20init_module%20-k%20module-change%0A-a%20always%2Cexit%20-F%20arch%3Db64%20-S%20init_module%20-k%20module-change%0A
+        mode: 0600
+        path: /etc/audit/rules.d/75-kernel-module-loading-init.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id252" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id252"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # First perform the remediation of the syscall rule
@@ -23807,7 +23821,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id252" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id252"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id253" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id253"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -24121,20 +24135,6 @@
     - low_disruption
     - medium_severity
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id253" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id253"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20init_module%20-k%20module-change%0A-a%20always%2Cexit%20-F%20arch%3Db64%20-S%20init_module%20-k%20module-change%0A
-        mode: 0600
-        path: /etc/audit/rules.d/75-kernel-module-loading-init.rules
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_audit_login_events" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_auditd_configure_rules"><td style="padding-left: 76px" id="xccdf_org.ssgproject.content_group_audit_login_events"><span class="label label-default">Group</span>  
                 Record Attempts to Alter Logon and Logout Events
                           <small>Group contains 2 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_audit_login_events" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_audit_login_events" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_auditd_configure_rules"><td style="padding-left: 76px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_audit_login_events">[ref]</a>  
@@ -25791,7 +25791,21 @@
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_adjtimex</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27290-6">CCE-27290-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id270" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id270"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id270" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id270"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20adjtimex%20-k%20audit_time_rules%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20adjtimex%20-k%20audit_time_rules%0A }}
+        mode: 0600
+        path: /etc/audit/rules.d/75-syscall-adjtimex.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id271" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id271"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # Retrieve hardware architecture of the underlying system
@@ -26131,7 +26145,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id271" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id271"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id272" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id272"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -26448,20 +26462,6 @@
     - medium_severity
     - no_reboot_needed
     - restrict_strategy
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id272" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id272"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-cjis.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-cjis.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-cjis.html	2022-07-15 00:00:00.000000000 +0000
@@ -449,17 +449,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id31" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id31"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id32" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id32"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id33" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id33"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id32" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id32"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id33" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id33"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id34" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id34"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -3013,7 +3013,26 @@
 run commands with the privileges of that account. Accounts with
 empty passwords should never be used in operational environments.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_empty_passwords</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27286-4">CCE-27286-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-07-010290</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-204424r809187_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id98" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id98"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-07-010290</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-204424r809187_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id98" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id98"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/password-auth
+        overwrite: true
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/system-auth
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id99" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id99"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEM_AUTH="/etc/pam.d/system-auth"
@@ -3038,7 +3057,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id99" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id99"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id100" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id100"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
   ansible.builtin.stat:
     path: /usr/bin/authselect
   register: result_authselect_present
@@ -3195,25 +3214,6 @@
     - medium_disruption
     - no_empty_passwords
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id100" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id100"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/password-auth
-        overwrite: true
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/system-auth
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_accounts-session" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts"><td style="padding-left: 57px" id="xccdf_org.ssgproject.content_group_accounts-session"><span class="label label-default">Group</span>  
                 Secure Session Configuration Files for Login Accounts
                           <small>Group contains  1 rule</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_accounts-session" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_accounts-session" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts"><td style="padding-left: 57px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_accounts-session">[ref]</a>  
@@ -15068,7 +15068,21 @@
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_adjtimex</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27290-6">CCE-27290-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id156" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id156"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id156" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id156"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20adjtimex%20-k%20audit_time_rules%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20adjtimex%20-k%20audit_time_rules%0A }}
+        mode: 0600
+        path: /etc/audit/rules.d/75-syscall-adjtimex.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id157" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id157"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # Retrieve hardware architecture of the underlying system
@@ -15408,7 +15422,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id157" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id157"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id158" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id158"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -15725,20 +15739,6 @@
     - medium_severity
     - no_reboot_needed
     - restrict_strategy
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id158" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id158"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20adjtimex%20-k%20audit_time_rules%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20adjtimex%20-k%20audit_time_rules%0A }}
-        mode: 0600
-        path: /etc/audit/rules.d/75-syscall-adjtimex.rules
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime" id="guide-tree-leaf-id159" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_audit_time_rules"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime"><span class="label label-default">Rule</span>  
                                 Record Attempts to Alter Time Through clock_settime
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">If the <code>auditd</code> daemon is configured to use the
@@ -15763,7 +15763,21 @@
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27219-5">CCE-27219-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id160" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id160"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id160" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id160"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A }}
+        mode: 0600
+        path: /etc/audit/rules.d/75-syscall-clock-settime.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id161" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id161"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # First perform the remediation of the syscall rule
@@ -16091,7 +16105,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id161" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id161"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id162" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id162"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -16401,20 +16415,6 @@
     - medium_severity
     - no_reboot_needed
     - restrict_strategy
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id162" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id162"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A }}
-        mode: 0600
-        path: /etc/audit/rules.d/75-syscall-clock-settime.rules
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday" id="guide-tree-leaf-id163" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_audit_time_rules"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday"><span class="label label-default">Rule</span>  
                                 Record attempts to alter time through settimeofday
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">If the <code>auditd</code> daemon is configured to use the
@@ -16439,7 +16439,21 @@
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27216-1">CCE-27216-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id164" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id164"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id164" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id164"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-cui.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-cui.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-cui.html	2022-07-15 00:00:00.000000000 +0000
@@ -3748,17 +3748,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id81" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id81"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=screen
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id82" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id82"><pre><code>
-[[packages]]
-name = "screen"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id83" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id83"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_screen
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id82" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id82"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_screen
 
 class install_screen {
   package { 'screen':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id83" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id83"><pre><code>
+[[packages]]
+name = "screen"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id84" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id84"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure screen is installed
   package:
     name: screen
@@ -3790,7 +3790,18 @@
 on the machine through valid troubleshooting configurations and gaining root
 access when the system is rebooted.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_debug-shell_disabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80206-6">CCE-80206-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id86" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id86"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id86" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id86"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    systemd:
+      units:
+      - enabled: false
+        name: debug-shell.service
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id87" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id87"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEMCTL_EXEC='/usr/bin/systemctl'
@@ -3810,9 +3821,6 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id87" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id87"><pre><code>
-[customizations.services]
-disabled = ["debug-shell"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id88" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id88"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_debug-shell
 
 class disable_debug-shell {
@@ -3821,7 +3829,10 @@
     ensure =&gt; 'stopped',
   }
 }
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id89" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id89"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service debug-shell
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id89" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id89"><pre><code>
+[customizations.services]
+disabled = ["debug-shell"]
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id90" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id90"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service debug-shell
   block:
 
     - name: Disable service debug-shell
@@ -3882,17 +3893,6 @@
     - medium_severity
     - no_reboot_needed
     - service_debug-shell_disabled
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id90" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id90"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    systemd:
-      units:
-      - enabled: false
-        name: debug-shell.service
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction" id="guide-tree-leaf-id91" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-physical"><td style="padding-left: 76px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction"><span class="label label-default">Rule</span>  
                                 Disable Ctrl-Alt-Del Burst Action
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">By default, <code>SystemD</code> will reboot the system if the <code>Ctrl-Alt-Del</code>
@@ -3911,7 +3911,21 @@
 the case of mixed OS environment, this can create the risk of short-term
 loss of availability of systems due to unintentional reboot.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80449-2">CCE-80449-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id92" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id92"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id92" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id92"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,CtrlAltDelBurstAction%3Dnone
+        mode: 0644
+        path: /etc/systemd/system.conf.d/disable_ctrlaltdelete_burstaction.conf
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id93" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id93"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q systemd; then
 
 # Test if the config_file is a symbolic link. If so, use --follow-symlinks with sed.
@@ -3943,7 +3957,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id93" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id93"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id94" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id94"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -3979,20 +3993,6 @@
     - low_complexity
     - low_disruption
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id94" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id94"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,CtrlAltDelBurstAction%3Dnone
-        mode: 0644
-        path: /etc/systemd/system.conf.d/disable_ctrlaltdelete_burstaction.conf
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_reboot" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_reboot" id="guide-tree-leaf-id95" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-physical"><td style="padding-left: 76px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_reboot"><span class="label label-default">Rule</span>  
                                 Disable Ctrl-Alt-Del Reboot Activation
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_reboot">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">By default, <code>SystemD</code> will reboot the system if the <code>Ctrl-Alt-Del</code>
@@ -4011,7 +4011,18 @@
 the case of mixed OS environment, this can create the risk of short-term
 loss of availability of systems due to unintentional reboot.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_reboot</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27511-5">CCE-27511-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-07-020230</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-204455r603261_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id96" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id96"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-07-020230</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-204455r603261_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id96" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id96"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    systemd:
+      units:
+      - name: ctrl-alt-del.target
+        mask: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id97" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id97"><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 systemctl disable --now ctrl-alt-del.target
@@ -4020,7 +4031,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id97" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id97"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable Ctrl-Alt-Del Reboot Activation
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id98" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id98"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable Ctrl-Alt-Del Reboot Activation
   systemd:
     name: ctrl-alt-del.target
     force: true
@@ -4039,17 +4050,6 @@
     - low_complexity
     - low_disruption
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id98" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id98"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    systemd:
-      units:
-      - name: ctrl-alt-del.target
-        mask: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_grub2_disable_interactive_boot" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_grub2_disable_interactive_boot" id="guide-tree-leaf-id99" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-physical"><td style="padding-left: 76px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_grub2_disable_interactive_boot"><span class="label label-default">Rule</span>  
                                 Verify that Interactive Boot is Disabled
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_grub2_disable_interactive_boot">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">Red Hat Enterprise Linux 7 systems support an "interactive boot" option that can
@@ -4392,7 +4392,26 @@
 run commands with the privileges of that account. Accounts with
 empty passwords should never be used in operational environments.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_empty_passwords</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27286-4">CCE-27286-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-07-010290</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-204424r809187_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id109" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id109"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-07-010290</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-204424r809187_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id109" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id109"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-e8.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-e8.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-e8.html	2022-07-15 00:00:00.000000000 +0000
@@ -819,17 +819,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id43" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id43"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rear
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id44" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id44"><pre><code>
-[[packages]]
-name = "rear"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id45" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id45"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rear
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id44" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id44"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rear
 
 class install_rear {
   package { 'rear':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id45" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id45"><pre><code>
+[[packages]]
+name = "rear"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id46" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id46"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rear is installed
   package:
     name: rear
@@ -1382,7 +1382,26 @@
 run commands with the privileges of that account. Accounts with
 empty passwords should never be used in operational environments.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_empty_passwords</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27286-4">CCE-27286-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-07-010290</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-204424r809187_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id63" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id63"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-07-010290</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-204424r809187_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id63" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id63"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/password-auth
+        overwrite: true
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/system-auth
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id64" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id64"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEM_AUTH="/etc/pam.d/system-auth"
@@ -1407,7 +1426,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id64" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id64"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id65" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id65"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
   ansible.builtin.stat:
     path: /usr/bin/authselect
   register: result_authselect_present
@@ -1564,25 +1583,6 @@
     - medium_disruption
     - no_empty_passwords
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id65" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id65"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/password-auth
-        overwrite: true
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/system-auth
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_root_logins" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-restrictions"><td style="padding-left: 76px" id="xccdf_org.ssgproject.content_group_root_logins"><span class="label label-default">Group</span>  
                 Restrict Root Logins
                           <small>Group contains  1 rule</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_root_logins" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_root_logins" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-restrictions"><td style="padding-left: 76px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_root_logins">[ref]</a>  
@@ -8155,7 +8155,21 @@
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_adjtimex</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27290-6">CCE-27290-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id108" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id108"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id108" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id108"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20adjtimex%20-k%20audit_time_rules%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20adjtimex%20-k%20audit_time_rules%0A }}
+        mode: 0600
+        path: /etc/audit/rules.d/75-syscall-adjtimex.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id109" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id109"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # Retrieve hardware architecture of the underlying system
@@ -8495,7 +8509,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id109" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id109"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id110" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id110"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -8812,20 +8826,6 @@
     - medium_severity
     - no_reboot_needed
     - restrict_strategy
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id110" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id110"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20adjtimex%20-k%20audit_time_rules%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20adjtimex%20-k%20audit_time_rules%0A }}
-        mode: 0600
-        path: /etc/audit/rules.d/75-syscall-adjtimex.rules
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime" id="guide-tree-leaf-id111" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_audit_time_rules"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime"><span class="label label-default">Rule</span>  
                                 Record Attempts to Alter Time Through clock_settime
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">If the <code>auditd</code> daemon is configured to use the
@@ -8850,7 +8850,21 @@
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27219-5">CCE-27219-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id112" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id112"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id112" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id112"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A }}
+        mode: 0600
+        path: /etc/audit/rules.d/75-syscall-clock-settime.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id113" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id113"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # First perform the remediation of the syscall rule
@@ -9178,7 +9192,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id113" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id113"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id114" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id114"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -9488,20 +9502,6 @@
     - medium_severity
     - no_reboot_needed
     - restrict_strategy
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id114" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id114"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A }}
-        mode: 0600
-        path: /etc/audit/rules.d/75-syscall-clock-settime.rules
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday" id="guide-tree-leaf-id115" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_audit_time_rules"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday"><span class="label label-default">Rule</span>  
                                 Record attempts to alter time through settimeofday
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">If the <code>auditd</code> daemon is configured to use the
@@ -9526,7 +9526,21 @@
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27216-1">CCE-27216-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id116" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id116"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id116" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id116"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-hipaa.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-hipaa.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-hipaa.html	2022-07-15 00:00:00.000000000 +0000
@@ -1268,7 +1268,18 @@
 on the machine through valid troubleshooting configurations and gaining root
 access when the system is rebooted.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_debug-shell_disabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80206-6">CCE-80206-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id51" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id51"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id51" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id51"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    systemd:
+      units:
+      - enabled: false
+        name: debug-shell.service
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id52" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id52"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEMCTL_EXEC='/usr/bin/systemctl'
@@ -1288,9 +1299,6 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id52" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id52"><pre><code>
-[customizations.services]
-disabled = ["debug-shell"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id53" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id53"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_debug-shell
 
 class disable_debug-shell {
@@ -1299,7 +1307,10 @@
     ensure =&gt; 'stopped',
   }
 }
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id54" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id54"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service debug-shell
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id54" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id54"><pre><code>
+[customizations.services]
+disabled = ["debug-shell"]
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id55" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id55"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service debug-shell
   block:
 
     - name: Disable service debug-shell
@@ -1360,17 +1371,6 @@
     - medium_severity
     - no_reboot_needed
     - service_debug-shell_disabled
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id55" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id55"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    systemd:
-      units:
-      - enabled: false
-        name: debug-shell.service
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction" id="guide-tree-leaf-id56" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-physical"><td style="padding-left: 76px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction"><span class="label label-default">Rule</span>  
                                 Disable Ctrl-Alt-Del Burst Action
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">By default, <code>SystemD</code> will reboot the system if the <code>Ctrl-Alt-Del</code>
@@ -1389,7 +1389,21 @@
 the case of mixed OS environment, this can create the risk of short-term
 loss of availability of systems due to unintentional reboot.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80449-2">CCE-80449-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id57" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id57"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id57" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id57"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,CtrlAltDelBurstAction%3Dnone
+        mode: 0644
+        path: /etc/systemd/system.conf.d/disable_ctrlaltdelete_burstaction.conf
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id58" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id58"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q systemd; then
 
 # Test if the config_file is a symbolic link. If so, use --follow-symlinks with sed.
@@ -1421,7 +1435,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id58" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id58"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id59" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id59"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -1457,20 +1471,6 @@
     - low_complexity
     - low_disruption
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id59" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id59"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,CtrlAltDelBurstAction%3Dnone
-        mode: 0644
-        path: /etc/systemd/system.conf.d/disable_ctrlaltdelete_burstaction.conf
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_reboot" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_reboot" id="guide-tree-leaf-id60" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-physical"><td style="padding-left: 76px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_reboot"><span class="label label-default">Rule</span>  
                                 Disable Ctrl-Alt-Del Reboot Activation
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_reboot">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">By default, <code>SystemD</code> will reboot the system if the <code>Ctrl-Alt-Del</code>
@@ -1489,7 +1489,18 @@
 the case of mixed OS environment, this can create the risk of short-term
 loss of availability of systems due to unintentional reboot.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_reboot</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27511-5">CCE-27511-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-07-020230</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-204455r603261_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id61" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id61"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-07-020230</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-204455r603261_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id61" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id61"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    systemd:
+      units:
+      - name: ctrl-alt-del.target
+        mask: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id62" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id62"><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 systemctl disable --now ctrl-alt-del.target
@@ -1498,7 +1509,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id62" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id62"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable Ctrl-Alt-Del Reboot Activation
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id63" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id63"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable Ctrl-Alt-Del Reboot Activation
   systemd:
     name: ctrl-alt-del.target
     force: true
@@ -1517,17 +1528,6 @@
     - low_complexity
     - low_disruption
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id63" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id63"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    systemd:
-      units:
-      - name: ctrl-alt-del.target
-        mask: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_grub2_disable_interactive_boot" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_grub2_disable_interactive_boot" id="guide-tree-leaf-id64" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-physical"><td style="padding-left: 76px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_grub2_disable_interactive_boot"><span class="label label-default">Rule</span>  
                                 Verify that Interactive Boot is Disabled
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_grub2_disable_interactive_boot">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">Red Hat Enterprise Linux 7 systems support an "interactive boot" option that can
@@ -1763,7 +1763,26 @@
 run commands with the privileges of that account. Accounts with
 empty passwords should never be used in operational environments.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_empty_passwords</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27286-4">CCE-27286-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-07-010290</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-204424r809187_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id71" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id71"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-07-010290</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-204424r809187_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id71" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id71"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/password-auth
+        overwrite: true
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/system-auth
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id72" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id72"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEM_AUTH="/etc/pam.d/system-auth"
@@ -1788,7 +1807,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id72" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id72"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id73" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id73"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
   ansible.builtin.stat:
     path: /usr/bin/authselect
   register: result_authselect_present
@@ -1945,25 +1964,6 @@
/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-ncp.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-ncp.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-ncp.html	2022-07-15 00:00:00.000000000 +0000
@@ -472,17 +472,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id31" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id31"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id32" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id32"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id33" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id33"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id32" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id32"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id33" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id33"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id34" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id34"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -9957,17 +9957,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id228" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id228"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=screen
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id229" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id229"><pre><code>
-[[packages]]
-name = "screen"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id230" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id230"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_screen
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id229" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id229"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_screen
 
 class install_screen {
   package { 'screen':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id230" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id230"><pre><code>
+[[packages]]
+name = "screen"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id231" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id231"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure screen is installed
   package:
     name: screen
@@ -10019,17 +10019,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id234" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id234"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=opensc
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id235" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id235"><pre><code>
-[[packages]]
-name = "opensc"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id236" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id236"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_opensc
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id235" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id235"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_opensc
 
 class install_opensc {
   package { 'opensc':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id236" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id236"><pre><code>
+[[packages]]
+name = "opensc"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id237" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id237"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure opensc is installed
   package:
     name: opensc
@@ -10063,17 +10063,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id240" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id240"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=pcsc-lite
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id241" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id241"><pre><code>
-[[packages]]
-name = "pcsc-lite"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id242" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id242"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_pcsc-lite
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id241" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id241"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_pcsc-lite
 
 class install_pcsc-lite {
   package { 'pcsc-lite':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id242" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id242"><pre><code>
+[[packages]]
+name = "pcsc-lite"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id243" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id243"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure pcsc-lite is installed
   package:
     name: pcsc-lite
@@ -10114,10 +10114,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id246" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id246"><pre><code>
-[customizations.services]
-enabled = ["pcscd"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id247" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id247"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_pcscd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id246" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id246"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_pcscd
 
 class enable_pcscd {
   service {'pcscd':
@@ -10125,6 +10122,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id247" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id247"><pre><code>
+[customizations.services]
+enabled = ["pcscd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id248" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id248"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service pcscd
   block:
 
@@ -10462,7 +10462,18 @@
 on the machine through valid troubleshooting configurations and gaining root
 access when the system is rebooted.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_debug-shell_disabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80206-6">CCE-80206-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id259" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id259"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id259" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id259"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    systemd:
+      units:
+      - enabled: false
+        name: debug-shell.service
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id260" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id260"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEMCTL_EXEC='/usr/bin/systemctl'
@@ -10482,9 +10493,6 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id260" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id260"><pre><code>
-[customizations.services]
-disabled = ["debug-shell"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id261" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id261"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_debug-shell
 
 class disable_debug-shell {
@@ -10493,7 +10501,10 @@
     ensure =&gt; 'stopped',
   }
 }
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id262" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id262"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service debug-shell
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id262" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id262"><pre><code>
+[customizations.services]
+disabled = ["debug-shell"]
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id263" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id263"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service debug-shell
   block:
 
     - name: Disable service debug-shell
@@ -10554,17 +10565,6 @@
     - medium_severity
     - no_reboot_needed
     - service_debug-shell_disabled
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id263" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id263"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    systemd:
-      units:
-      - enabled: false
-        name: debug-shell.service
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction" id="guide-tree-leaf-id264" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-physical"><td style="padding-left: 76px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction"><span class="label label-default">Rule</span>  
                                 Disable Ctrl-Alt-Del Burst Action
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">By default, <code>SystemD</code> will reboot the system if the <code>Ctrl-Alt-Del</code>
@@ -10583,7 +10583,21 @@
 the case of mixed OS environment, this can create the risk of short-term
 loss of availability of systems due to unintentional reboot.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80449-2">CCE-80449-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id265" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id265"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id265" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id265"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,CtrlAltDelBurstAction%3Dnone
+        mode: 0644
+        path: /etc/systemd/system.conf.d/disable_ctrlaltdelete_burstaction.conf
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id266" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id266"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q systemd; then
 
 # Test if the config_file is a symbolic link. If so, use --follow-symlinks with sed.
@@ -10615,7 +10629,7 @@
/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-ospp.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-ospp.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-ospp.html	2022-07-15 00:00:00.000000000 +0000
@@ -3739,17 +3739,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id81" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id81"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=screen
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id82" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id82"><pre><code>
-[[packages]]
-name = "screen"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id83" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id83"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_screen
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id82" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id82"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_screen
 
 class install_screen {
   package { 'screen':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id83" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id83"><pre><code>
+[[packages]]
+name = "screen"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id84" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id84"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure screen is installed
   package:
     name: screen
@@ -3781,7 +3781,18 @@
 on the machine through valid troubleshooting configurations and gaining root
 access when the system is rebooted.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_debug-shell_disabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80206-6">CCE-80206-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id86" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id86"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id86" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id86"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    systemd:
+      units:
+      - enabled: false
+        name: debug-shell.service
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id87" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id87"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEMCTL_EXEC='/usr/bin/systemctl'
@@ -3801,9 +3812,6 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id87" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id87"><pre><code>
-[customizations.services]
-disabled = ["debug-shell"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id88" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id88"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_debug-shell
 
 class disable_debug-shell {
@@ -3812,7 +3820,10 @@
     ensure =&gt; 'stopped',
   }
 }
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id89" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id89"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service debug-shell
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id89" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id89"><pre><code>
+[customizations.services]
+disabled = ["debug-shell"]
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id90" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id90"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service debug-shell
   block:
 
     - name: Disable service debug-shell
@@ -3873,17 +3884,6 @@
     - medium_severity
     - no_reboot_needed
     - service_debug-shell_disabled
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id90" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id90"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    systemd:
-      units:
-      - enabled: false
-        name: debug-shell.service
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction" id="guide-tree-leaf-id91" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-physical"><td style="padding-left: 76px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction"><span class="label label-default">Rule</span>  
                                 Disable Ctrl-Alt-Del Burst Action
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">By default, <code>SystemD</code> will reboot the system if the <code>Ctrl-Alt-Del</code>
@@ -3902,7 +3902,21 @@
 the case of mixed OS environment, this can create the risk of short-term
 loss of availability of systems due to unintentional reboot.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80449-2">CCE-80449-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id92" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id92"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id92" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id92"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,CtrlAltDelBurstAction%3Dnone
+        mode: 0644
+        path: /etc/systemd/system.conf.d/disable_ctrlaltdelete_burstaction.conf
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id93" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id93"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q systemd; then
 
 # Test if the config_file is a symbolic link. If so, use --follow-symlinks with sed.
@@ -3934,7 +3948,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id93" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id93"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id94" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id94"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -3970,20 +3984,6 @@
     - low_complexity
     - low_disruption
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id94" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id94"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,CtrlAltDelBurstAction%3Dnone
-        mode: 0644
-        path: /etc/systemd/system.conf.d/disable_ctrlaltdelete_burstaction.conf
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_reboot" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_reboot" id="guide-tree-leaf-id95" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-physical"><td style="padding-left: 76px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_reboot"><span class="label label-default">Rule</span>  
                                 Disable Ctrl-Alt-Del Reboot Activation
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_reboot">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">By default, <code>SystemD</code> will reboot the system if the <code>Ctrl-Alt-Del</code>
@@ -4002,7 +4002,18 @@
 the case of mixed OS environment, this can create the risk of short-term
 loss of availability of systems due to unintentional reboot.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_reboot</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27511-5">CCE-27511-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-07-020230</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-204455r603261_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id96" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id96"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-07-020230</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-204455r603261_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id96" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id96"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    systemd:
+      units:
+      - name: ctrl-alt-del.target
+        mask: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id97" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id97"><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 systemctl disable --now ctrl-alt-del.target
@@ -4011,7 +4022,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id97" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id97"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable Ctrl-Alt-Del Reboot Activation
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id98" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id98"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable Ctrl-Alt-Del Reboot Activation
   systemd:
     name: ctrl-alt-del.target
     force: true
@@ -4030,17 +4041,6 @@
     - low_complexity
     - low_disruption
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id98" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id98"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    systemd:
-      units:
-      - name: ctrl-alt-del.target
-        mask: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_grub2_disable_interactive_boot" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_grub2_disable_interactive_boot" id="guide-tree-leaf-id99" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-physical"><td style="padding-left: 76px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_grub2_disable_interactive_boot"><span class="label label-default">Rule</span>  
                                 Verify that Interactive Boot is Disabled
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_grub2_disable_interactive_boot">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">Red Hat Enterprise Linux 7 systems support an "interactive boot" option that can
@@ -4383,7 +4383,26 @@
 run commands with the privileges of that account. Accounts with
 empty passwords should never be used in operational environments.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_empty_passwords</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27286-4">CCE-27286-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-07-010290</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-204424r809187_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id109" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id109"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-07-010290</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-204424r809187_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id109" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id109"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-pci-dss.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-pci-dss.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-pci-dss.html	2022-07-15 00:00:00.000000000 +0000
@@ -445,17 +445,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id31" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id31"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id32" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id32"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id33" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id33"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id32" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id32"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id33" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id33"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id34" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id34"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -4670,7 +4670,26 @@
 run commands with the privileges of that account. Accounts with
 empty passwords should never be used in operational environments.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_empty_passwords</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27286-4">CCE-27286-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-07-010290</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-204424r809187_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id116" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id116"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-07-010290</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-204424r809187_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id116" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id116"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/password-auth
+        overwrite: true
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/system-auth
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id117" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id117"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEM_AUTH="/etc/pam.d/system-auth"
@@ -4695,7 +4714,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id117" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id117"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id118" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id118"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
   ansible.builtin.stat:
     path: /usr/bin/authselect
   register: result_authselect_present
@@ -4852,25 +4871,6 @@
     - medium_disruption
     - no_empty_passwords
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id118" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id118"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/password-auth
-        overwrite: true
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/system-auth
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_auditing" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_system"><td style="padding-left: 38px" id="xccdf_org.ssgproject.content_group_auditing"><span class="label label-default">Group</span>  
                 System Accounting with auditd
                           <small>Group contains 9 groups and 41 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_auditing" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_auditing" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_system"><td style="padding-left: 38px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_auditing">[ref]</a>  
@@ -16597,7 +16597,21 @@
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_adjtimex</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27290-6">CCE-27290-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id171" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id171"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id171" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id171"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20adjtimex%20-k%20audit_time_rules%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20adjtimex%20-k%20audit_time_rules%0A }}
+        mode: 0600
+        path: /etc/audit/rules.d/75-syscall-adjtimex.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id172" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id172"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # Retrieve hardware architecture of the underlying system
@@ -16937,7 +16951,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id172" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id172"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id173" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id173"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -17254,20 +17268,6 @@
     - medium_severity
     - no_reboot_needed
     - restrict_strategy
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id173" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id173"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20adjtimex%20-k%20audit_time_rules%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20adjtimex%20-k%20audit_time_rules%0A }}
-        mode: 0600
-        path: /etc/audit/rules.d/75-syscall-adjtimex.rules
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime" id="guide-tree-leaf-id174" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_audit_time_rules"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime"><span class="label label-default">Rule</span>  
                                 Record Attempts to Alter Time Through clock_settime
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">If the <code>auditd</code> daemon is configured to use the
@@ -17292,7 +17292,21 @@
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27219-5">CCE-27219-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id175" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id175"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id175" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id175"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A }}
+        mode: 0600
+        path: /etc/audit/rules.d/75-syscall-clock-settime.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id176" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id176"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # First perform the remediation of the syscall rule
@@ -17620,7 +17634,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id176" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id176"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id177" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id177"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -17930,20 +17944,6 @@
     - medium_severity
     - no_reboot_needed
     - restrict_strategy
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id177" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id177"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A }}
-        mode: 0600
-        path: /etc/audit/rules.d/75-syscall-clock-settime.rules
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday" id="guide-tree-leaf-id178" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_audit_time_rules"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday"><span class="label label-default">Rule</span>  
                                 Record attempts to alter time through settimeofday
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">If the <code>auditd</code> daemon is configured to use the
@@ -17968,7 +17968,21 @@
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27216-1">CCE-27216-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id179" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id179"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id179" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id179"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-rhelh-stig.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-rhelh-stig.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-rhelh-stig.html	2022-07-15 00:00:00.000000000 +0000
@@ -574,17 +574,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id34" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id34"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id35" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id35"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id36" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id36"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id35" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id35"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id36" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id36"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id37" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id37"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -6434,17 +6434,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id168" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id168"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=screen
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id169" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id169"><pre><code>
-[[packages]]
-name = "screen"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id170" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id170"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_screen
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id169" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id169"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_screen
 
 class install_screen {
   package { 'screen':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id170" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id170"><pre><code>
+[[packages]]
+name = "screen"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id171" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id171"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure screen is installed
   package:
     name: screen
@@ -6496,17 +6496,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id174" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id174"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=opensc
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id175" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id175"><pre><code>
-[[packages]]
-name = "opensc"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id176" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id176"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_opensc
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id175" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id175"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_opensc
 
 class install_opensc {
   package { 'opensc':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id176" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id176"><pre><code>
+[[packages]]
+name = "opensc"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id177" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id177"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure opensc is installed
   package:
     name: opensc
@@ -6540,17 +6540,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id180" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id180"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=pcsc-lite
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id181" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id181"><pre><code>
-[[packages]]
-name = "pcsc-lite"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id182" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id182"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_pcsc-lite
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id181" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id181"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_pcsc-lite
 
 class install_pcsc-lite {
   package { 'pcsc-lite':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id182" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id182"><pre><code>
+[[packages]]
+name = "pcsc-lite"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id183" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id183"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure pcsc-lite is installed
   package:
     name: pcsc-lite
@@ -6591,10 +6591,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id186" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id186"><pre><code>
-[customizations.services]
-enabled = ["pcscd"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id187" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id187"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_pcscd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id186" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id186"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_pcscd
 
 class enable_pcscd {
   service {'pcscd':
@@ -6602,6 +6599,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id187" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id187"><pre><code>
+[customizations.services]
+enabled = ["pcscd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id188" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id188"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service pcscd
   block:
 
@@ -6939,7 +6939,18 @@
 on the machine through valid troubleshooting configurations and gaining root
 access when the system is rebooted.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_debug-shell_disabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80206-6">CCE-80206-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id199" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id199"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id199" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id199"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    systemd:
+      units:
+      - enabled: false
+        name: debug-shell.service
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id200" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id200"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEMCTL_EXEC='/usr/bin/systemctl'
@@ -6959,9 +6970,6 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id200" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id200"><pre><code>
-[customizations.services]
-disabled = ["debug-shell"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id201" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id201"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_debug-shell
 
 class disable_debug-shell {
@@ -6970,7 +6978,10 @@
     ensure =&gt; 'stopped',
   }
 }
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id202" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id202"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service debug-shell
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id202" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id202"><pre><code>
+[customizations.services]
+disabled = ["debug-shell"]
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id203" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id203"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service debug-shell
   block:
 
     - name: Disable service debug-shell
@@ -7031,17 +7042,6 @@
     - medium_severity
     - no_reboot_needed
     - service_debug-shell_disabled
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id203" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id203"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    systemd:
-      units:
-      - enabled: false
-        name: debug-shell.service
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction" id="guide-tree-leaf-id204" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-physical"><td style="padding-left: 76px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction"><span class="label label-default">Rule</span>  
                                 Disable Ctrl-Alt-Del Burst Action
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">By default, <code>SystemD</code> will reboot the system if the <code>Ctrl-Alt-Del</code>
@@ -7060,7 +7060,21 @@
 the case of mixed OS environment, this can create the risk of short-term
 loss of availability of systems due to unintentional reboot.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80449-2">CCE-80449-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id205" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id205"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id205" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id205"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,CtrlAltDelBurstAction%3Dnone
+        mode: 0644
+        path: /etc/systemd/system.conf.d/disable_ctrlaltdelete_burstaction.conf
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id206" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id206"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q systemd; then
 
 # Test if the config_file is a symbolic link. If so, use --follow-symlinks with sed.
@@ -7092,7 +7106,7 @@
/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-rhelh-vpp.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-rhelh-vpp.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-rhelh-vpp.html	2022-07-15 00:00:00.000000000 +0000
@@ -4913,17 +4913,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id105" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id105"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=opensc
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id106" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id106"><pre><code>
-[[packages]]
-name = "opensc"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id107" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id107"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_opensc
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id106" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id106"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_opensc
 
 class install_opensc {
   package { 'opensc':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id107" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id107"><pre><code>
+[[packages]]
+name = "opensc"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id108" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id108"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure opensc is installed
   package:
     name: opensc
@@ -4957,17 +4957,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id111" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id111"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=pcsc-lite
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id112" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id112"><pre><code>
-[[packages]]
-name = "pcsc-lite"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id113" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id113"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_pcsc-lite
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id112" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id112"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_pcsc-lite
 
 class install_pcsc-lite {
   package { 'pcsc-lite':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id113" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id113"><pre><code>
+[[packages]]
+name = "pcsc-lite"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id114" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id114"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure pcsc-lite is installed
   package:
     name: pcsc-lite
@@ -5008,10 +5008,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id117" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id117"><pre><code>
-[customizations.services]
-enabled = ["pcscd"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id118" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id118"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_pcscd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id117" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id117"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_pcscd
 
 class enable_pcscd {
   service {'pcscd':
@@ -5019,6 +5016,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id118" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id118"><pre><code>
+[customizations.services]
+enabled = ["pcscd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id119" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id119"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service pcscd
   block:
 
@@ -5873,7 +5873,26 @@
 run commands with the privileges of that account. Accounts with
 empty passwords should never be used in operational environments.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_empty_passwords</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27286-4">CCE-27286-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-07-010290</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-204424r809187_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id145" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id145"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-07-010290</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-204424r809187_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id145" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id145"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/password-auth
+        overwrite: true
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/system-auth
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id146" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id146"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEM_AUTH="/etc/pam.d/system-auth"
@@ -5898,7 +5917,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id146" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id146"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id147" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id147"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
   ansible.builtin.stat:
     path: /usr/bin/authselect
   register: result_authselect_present
@@ -6055,25 +6074,6 @@
     - medium_disruption
     - no_empty_passwords
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id147" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id147"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/password-auth
-        overwrite: true
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/system-auth
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_root_logins" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-restrictions"><td style="padding-left: 76px" id="xccdf_org.ssgproject.content_group_root_logins"><span class="label label-default">Group</span>  
                 Restrict Root Logins
                           <small>Group contains 5 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_root_logins" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_root_logins" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-restrictions"><td style="padding-left: 76px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_root_logins">[ref]</a>  
@@ -6169,7 +6169,21 @@
 to privileged (root) access via su / sudo. This is required for FISMA Low
 and FISMA Moderate systems.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_direct_root_logins</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27294-8">CCE-27294-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R19)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.6</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">5.5</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id152" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id152"><pre><code># Remediation is applicable only in certain platforms
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R19)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.6</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">5.5</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id152" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id152"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,
+        mode: 0600
+        path: /etc/securetty
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id153" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id153"><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 echo &gt; /etc/securetty
@@ -6177,7 +6191,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id153" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id153"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Direct root Logins Not Allowed
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id154" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id154"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Direct root Logins Not Allowed
   copy:
     dest: /etc/securetty
     content: ''
@@ -6194,20 +6208,6 @@
     - no_direct_root_logins
     - no_reboot_needed
     - restrict_strategy
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id154" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id154"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,
-        mode: 0600
-        path: /etc/securetty
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_no_password_auth_for_systemaccounts" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_no_password_auth_for_systemaccounts" id="guide-tree-leaf-id155" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_root_logins"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_no_password_auth_for_systemaccounts"><span class="label label-default">Rule</span>  
                                 Ensure that System Accounts Are Locked
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_no_password_auth_for_systemaccounts">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">Some accounts are not associated with a human user of the system, and exist to
@@ -28625,7 +28625,21 @@
 the kernel and potentially introduce malicious code into kernel space. It is important
 to have an audit trail of modules that have been introduced into the kernel.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_delete</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80415-3">CCE-80415-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00216</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000477-GPOS-00222</a>, <a href="">SRG-OS-000477-VMM-001970</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-07-030830</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.16</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-204562r603261_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id247" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id247"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00216</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000477-GPOS-00222</a>, <a href="">SRG-OS-000477-VMM-001970</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-07-030830</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.16</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-204562r603261_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id247" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id247"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-rht-ccp.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-rht-ccp.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-rht-ccp.html	2022-07-15 00:00:00.000000000 +0000
@@ -125,17 +125,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id25"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id27" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id27"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id27" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id27"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id28" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id28"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -2852,7 +2852,26 @@
 run commands with the privileges of that account. Accounts with
 empty passwords should never be used in operational environments.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_empty_passwords</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27286-4">CCE-27286-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-07-010290</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-204424r809187_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id99" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id99"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-07-010290</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-204424r809187_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id99" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id99"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/password-auth
+        overwrite: true
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/system-auth
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id100" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id100"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEM_AUTH="/etc/pam.d/system-auth"
@@ -2877,7 +2896,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id100" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id100"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id101" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id101"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
   ansible.builtin.stat:
     path: /usr/bin/authselect
   register: result_authselect_present
@@ -3034,25 +3053,6 @@
     - medium_disruption
     - no_empty_passwords
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id101" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id101"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/password-auth
-        overwrite: true
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/system-auth
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_root_logins" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-restrictions"><td style="padding-left: 76px" id="xccdf_org.ssgproject.content_group_root_logins"><span class="label label-default">Group</span>  
                 Restrict Root Logins
                           <small>Group contains 2 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_root_logins" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_root_logins" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-restrictions"><td style="padding-left: 76px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_root_logins">[ref]</a>  
@@ -3611,10 +3611,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id120" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id120"><pre><code>
-[customizations.services]
-enabled = ["firewalld"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id121" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id121"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_firewalld
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id120" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id120"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_firewalld
 
 class enable_firewalld {
   service {'firewalld':
@@ -3622,6 +3619,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id121" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id121"><pre><code>
+[customizations.services]
+enabled = ["firewalld"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id122" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id122"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service firewalld
   block:
 
@@ -3708,7 +3708,21 @@
 <pre>install dccp /bin/true</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">Disabling DCCP protects
 the system against exploitation of any flaws in its implementation.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_kernel_module_dccp_disabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-82024-1">CCE-82024-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.10.1</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001958</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000096-GPOS-00050</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000378-GPOS-00163</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-07-020101</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">3.4.1</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-204450r603261_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id125" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id125"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.10.1</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001958</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000096-GPOS-00050</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000378-GPOS-00163</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-07-020101</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">3.4.1</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-204450r603261_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id125" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id125"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,install%20dccp%20/bin/true%0A
+        mode: 0644
+        path: /etc/modprobe.d/75-kernel_module_dccp_disabled.conf
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id126" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id126"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 if LC_ALL=C grep -q -m 1 "^install dccp" /etc/modprobe.d/dccp.conf ; then
@@ -3722,7 +3736,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id126" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id126"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Ensure kernel module 'dccp' is disabled
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id127" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id127"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Ensure kernel module 'dccp' is disabled
   lineinfile:
     create: true
     dest: /etc/modprobe.d/dccp.conf
@@ -3743,20 +3757,6 @@
     - medium_disruption
     - medium_severity
     - reboot_required
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id127" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id127"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,install%20dccp%20/bin/true%0A
-        mode: 0644
-        path: /etc/modprobe.d/75-kernel_module_dccp_disabled.conf
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_kernel_module_sctp_disabled" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_kernel_module_sctp_disabled" id="guide-tree-leaf-id128" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_network-uncommon"><td style="padding-left: 76px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_kernel_module_sctp_disabled"><span class="label label-default">Rule</span>  
                                 Disable SCTP Support
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_kernel_module_sctp_disabled">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">The Stream Control Transmission Protocol (SCTP) is a
@@ -3769,7 +3769,21 @@
 <pre>install sctp /bin/true</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">Disabling SCTP protects
 the system against exploitation of any flaws in its implementation.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_kernel_module_sctp_disabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-82044-9">CCE-82044-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.10.1</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000381</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000095-GPOS-00049</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">3.4.2</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id129" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id129"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.10.1</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000381</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000095-GPOS-00049</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">3.4.2</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id129" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id129"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,install%20sctp%20/bin/true%0A
+        mode: 0644
+        path: /etc/modprobe.d/75-kernel_module_sctp_disabled.conf
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id130" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id130"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 if LC_ALL=C grep -q -m 1 "^install sctp" /etc/modprobe.d/sctp.conf ; then
@@ -3783,7 +3797,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id130" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id130"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Ensure kernel module 'sctp' is disabled
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id131" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id131"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Ensure kernel module 'sctp' is disabled
   lineinfile:
     create: true
     dest: /etc/modprobe.d/sctp.conf
@@ -3803,20 +3817,6 @@
     - medium_disruption
     - medium_severity
     - reboot_required
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id131" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id131"><pre><code>---
/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-standard.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-standard.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-standard.html	2022-07-15 00:00:00.000000000 +0000
@@ -863,7 +863,26 @@
 run commands with the privileges of that account. Accounts with
 empty passwords should never be used in operational environments.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_empty_passwords</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27286-4">CCE-27286-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-07-010290</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-204424r809187_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id45" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id45"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-07-010290</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-204424r809187_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id45" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id45"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/password-auth
+        overwrite: true
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/system-auth
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id46" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id46"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEM_AUTH="/etc/pam.d/system-auth"
@@ -888,7 +907,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id46" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id46"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id47" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id47"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
   ansible.builtin.stat:
     path: /usr/bin/authselect
   register: result_authselect_present
@@ -1045,25 +1064,6 @@
     - medium_disruption
     - no_empty_passwords
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id47" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id47"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/password-auth
-        overwrite: true
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/system-auth
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_accounts-session" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts"><td style="padding-left: 57px" id="xccdf_org.ssgproject.content_group_accounts-session"><span class="label label-default">Group</span>  
                 Secure Session Configuration Files for Login Accounts
                           <small>Group contains  1 group and 1 rule</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_accounts-session" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_accounts-session" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts"><td style="padding-left: 57px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_accounts-session">[ref]</a>  
@@ -12437,7 +12437,21 @@
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_adjtimex</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27290-6">CCE-27290-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id100" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id100"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id100" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id100"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20adjtimex%20-k%20audit_time_rules%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20adjtimex%20-k%20audit_time_rules%0A }}
+        mode: 0600
+        path: /etc/audit/rules.d/75-syscall-adjtimex.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id101" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id101"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # Retrieve hardware architecture of the underlying system
@@ -12777,7 +12791,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id101" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id101"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id102" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id102"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -13094,20 +13108,6 @@
     - medium_severity
     - no_reboot_needed
     - restrict_strategy
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id102" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id102"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20adjtimex%20-k%20audit_time_rules%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20adjtimex%20-k%20audit_time_rules%0A }}
-        mode: 0600
-        path: /etc/audit/rules.d/75-syscall-adjtimex.rules
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime" id="guide-tree-leaf-id103" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_audit_time_rules"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime"><span class="label label-default">Rule</span>  
                                 Record Attempts to Alter Time Through clock_settime
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">If the <code>auditd</code> daemon is configured to use the
@@ -13132,7 +13132,21 @@
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27219-5">CCE-27219-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id104" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id104"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id104" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id104"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A }}
+        mode: 0600
+        path: /etc/audit/rules.d/75-syscall-clock-settime.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id105" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id105"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # First perform the remediation of the syscall rule
@@ -13460,7 +13474,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id105" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id105"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id106" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id106"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -13770,20 +13784,6 @@
     - medium_severity
     - no_reboot_needed
     - restrict_strategy
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id106" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id106"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A }}
-        mode: 0600
-        path: /etc/audit/rules.d/75-syscall-clock-settime.rules
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday" id="guide-tree-leaf-id107" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_audit_time_rules"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday"><span class="label label-default">Rule</span>  
                                 Record attempts to alter time through settimeofday
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">If the <code>auditd</code> daemon is configured to use the
@@ -13808,7 +13808,21 @@
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27216-1">CCE-27216-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id108" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id108"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id108" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id108"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20settimeofday%20-k%20audit_time_rules%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20settimeofday%20-k%20audit_time_rules%0A }}
+        mode: 0600
+        path: /etc/audit/rules.d/75-syscall-settimeofday.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id109" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id109"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # Retrieve hardware architecture of the underlying system
@@ -14148,7 +14162,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id109" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id109"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id110" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id110"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-stig.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-stig.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-stig.html	2022-07-15 00:00:00.000000000 +0000
@@ -583,17 +583,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id34" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id34"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id35" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id35"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id36" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id36"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id35" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id35"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id36" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id36"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id37" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id37"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -8769,17 +8769,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id212" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id212"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=pam_pkcs11
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id213" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id213"><pre><code>
-[[packages]]
-name = "pam_pkcs11"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id214" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id214"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_pam_pkcs11
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id213" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id213"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_pam_pkcs11
 
 class install_pam_pkcs11 {
   package { 'pam_pkcs11':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id214" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id214"><pre><code>
+[[packages]]
+name = "pam_pkcs11"
+version = "*"
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_smartcard_auth" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_smartcard_auth" id="guide-tree-leaf-id215" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_smart_card_login"><td style="padding-left: 114px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_smartcard_auth"><span class="label label-default">Rule</span>  
                                 Enable Smart Card Login
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_smartcard_auth">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">To enable smart card authentication, consult the documentation at:
@@ -8931,7 +8931,18 @@
 the case of mixed OS environment, this can create the risk of short-term
 loss of availability of systems due to unintentional reboot.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_reboot</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27511-5">CCE-27511-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-07-020230</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-204455r603261_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id221" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id221"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-07-020230</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-204455r603261_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id221" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id221"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    systemd:
+      units:
+      - name: ctrl-alt-del.target
+        mask: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id222" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id222"><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 systemctl disable --now ctrl-alt-del.target
@@ -8940,7 +8951,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id222" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id222"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable Ctrl-Alt-Del Reboot Activation
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id223" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id223"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable Ctrl-Alt-Del Reboot Activation
   systemd:
     name: ctrl-alt-del.target
     force: true
@@ -8959,17 +8970,6 @@
     - low_complexity
     - low_disruption
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id223" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id223"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    systemd:
-      units:
-      - name: ctrl-alt-del.target
-        mask: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_require_singleuser_auth" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_require_singleuser_auth" id="guide-tree-leaf-id224" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-physical"><td style="padding-left: 76px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_require_singleuser_auth"><span class="label label-default">Rule</span>  
                                 Require Authentication for Single User Mode
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_require_singleuser_auth">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">Single-user mode is intended as a system recovery
@@ -9406,7 +9406,26 @@
 run commands with the privileges of that account. Accounts with
 empty passwords should never be used in operational environments.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_empty_passwords</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27286-4">CCE-27286-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-07-010290</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-204424r809187_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id242" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id242"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-07-010290</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-204424r809187_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id242" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id242"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/password-auth
+        overwrite: true
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/system-auth
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id243" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id243"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEM_AUTH="/etc/pam.d/system-auth"
@@ -9431,7 +9450,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id243" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id243"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id244" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id244"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
   ansible.builtin.stat:
     path: /usr/bin/authselect
   register: result_authselect_present
@@ -9588,25 +9607,6 @@
     - medium_disruption
     - no_empty_passwords
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id244" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id244"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/password-auth
-        overwrite: true
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/system-auth
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_root_logins" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-restrictions"><td style="padding-left: 76px" id="xccdf_org.ssgproject.content_group_root_logins"><span class="label label-default">Group</span>  
                 Restrict Root Logins
                           <small>Group contains  1 rule</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_root_logins" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_root_logins" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-restrictions"><td style="padding-left: 76px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_root_logins">[ref]</a>  
@@ -33236,7 +33236,21 @@
 the kernel and potentially introduce malicious code into kernel space. It is important
 to have an audit trail of modules that have been introduced into the kernel.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_delete</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80415-3">CCE-80415-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00216</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000477-GPOS-00222</a>, <a href="">SRG-OS-000477-VMM-001970</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-07-030830</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.16</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-204562r603261_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id384" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id384"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00216</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000477-GPOS-00222</a>, <a href="">SRG-OS-000477-VMM-001970</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-07-030830</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.16</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-204562r603261_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id384" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id384"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20delete_module%20-k%20module-change%0A-a%20always%2Cexit%20-F%20arch%3Db64%20-S%20delete_module%20-k%20module-change%0A
+        mode: 0600
+        path: /etc/audit/rules.d/75-kernel-module-loading-delete.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id385" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id385"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # First perform the remediation of the syscall rule
@@ -33570,7 +33584,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id385" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id385"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id386" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id386"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -33876,20 +33890,6 @@
     - low_disruption
     - medium_severity
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id386" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id386"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
/usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-stig_gui.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-stig_gui.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhel7-guide-stig_gui.html	2022-07-15 00:00:00.000000000 +0000
@@ -589,17 +589,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id34" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id34"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id35" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id35"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id36" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id36"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id35" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id35"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id36" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id36"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id37" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id37"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -8775,17 +8775,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id212" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id212"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=pam_pkcs11
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id213" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id213"><pre><code>
-[[packages]]
-name = "pam_pkcs11"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id214" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id214"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_pam_pkcs11
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id213" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id213"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_pam_pkcs11
 
 class install_pam_pkcs11 {
   package { 'pam_pkcs11':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id214" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id214"><pre><code>
+[[packages]]
+name = "pam_pkcs11"
+version = "*"
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_smartcard_auth" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_smartcard_auth" id="guide-tree-leaf-id215" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_smart_card_login"><td style="padding-left: 114px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_smartcard_auth"><span class="label label-default">Rule</span>  
                                 Enable Smart Card Login
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_smartcard_auth">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">To enable smart card authentication, consult the documentation at:
@@ -8937,7 +8937,18 @@
 the case of mixed OS environment, this can create the risk of short-term
 loss of availability of systems due to unintentional reboot.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_reboot</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27511-5">CCE-27511-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-07-020230</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-204455r603261_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id221" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id221"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-07-020230</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-204455r603261_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id221" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id221"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    systemd:
+      units:
+      - name: ctrl-alt-del.target
+        mask: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id222" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id222"><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 systemctl disable --now ctrl-alt-del.target
@@ -8946,7 +8957,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id222" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id222"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable Ctrl-Alt-Del Reboot Activation
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id223" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id223"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable Ctrl-Alt-Del Reboot Activation
   systemd:
     name: ctrl-alt-del.target
     force: true
@@ -8965,17 +8976,6 @@
     - low_complexity
     - low_disruption
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id223" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id223"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    systemd:
-      units:
-      - name: ctrl-alt-del.target
-        mask: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_require_singleuser_auth" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_require_singleuser_auth" id="guide-tree-leaf-id224" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-physical"><td style="padding-left: 76px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_require_singleuser_auth"><span class="label label-default">Rule</span>  
                                 Require Authentication for Single User Mode
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_require_singleuser_auth">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">Single-user mode is intended as a system recovery
@@ -9412,7 +9412,26 @@
 run commands with the privileges of that account. Accounts with
 empty passwords should never be used in operational environments.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_empty_passwords</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-27286-4">CCE-27286-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-07-010290</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-204424r809187_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id242" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id242"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-07-010290</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-204424r809187_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id242" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id242"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/password-auth
+        overwrite: true
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/system-auth
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id243" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id243"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEM_AUTH="/etc/pam.d/system-auth"
@@ -9437,7 +9456,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id243" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id243"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id244" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id244"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
   ansible.builtin.stat:
     path: /usr/bin/authselect
   register: result_authselect_present
@@ -9594,25 +9613,6 @@
     - medium_disruption
     - no_empty_passwords
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id244" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id244"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/password-auth
-        overwrite: true
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/system-auth
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_root_logins" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-restrictions"><td style="padding-left: 76px" id="xccdf_org.ssgproject.content_group_root_logins"><span class="label label-default">Group</span>  
                 Restrict Root Logins
                           <small>Group contains  1 rule</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_root_logins" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_root_logins" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-restrictions"><td style="padding-left: 76px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_root_logins">[ref]</a>  
@@ -33242,7 +33242,21 @@
 the kernel and potentially introduce malicious code into kernel space. It is important
 to have an audit trail of modules that have been introduced into the kernel.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_delete</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80415-3">CCE-80415-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00216</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000477-GPOS-00222</a>, <a href="">SRG-OS-000477-VMM-001970</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-07-030830</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.16</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-204562r603261_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id384" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id384"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00216</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000477-GPOS-00222</a>, <a href="">SRG-OS-000477-VMM-001970</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-07-030830</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.16</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-204562r603261_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id384" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id384"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20delete_module%20-k%20module-change%0A-a%20always%2Cexit%20-F%20arch%3Db64%20-S%20delete_module%20-k%20module-change%0A
+        mode: 0600
+        path: /etc/audit/rules.d/75-kernel-module-loading-delete.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id385" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id385"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # First perform the remediation of the syscall rule
@@ -33576,7 +33590,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id385" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id385"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id386" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id386"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -33882,20 +33896,6 @@
     - low_disruption
     - medium_severity
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id386" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id386"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
/usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-anssi_bp28_enhanced.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-anssi_bp28_enhanced.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-anssi_bp28_enhanced.html	2022-07-15 00:00:00.000000000 +0000
@@ -128,17 +128,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id23" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id23"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id24" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id24"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id23" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id23"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id24" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id24"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id25"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -474,17 +474,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id61" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id61"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=sudo
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id62" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id62"><pre><code>
-[[packages]]
-name = "sudo"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id63" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id63"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id62" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id62"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
 
 class install_sudo {
   package { 'sudo':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id63" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id63"><pre><code>
+[[packages]]
+name = "sudo"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id64" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id64"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure sudo is installed
   package:
     name: sudo
@@ -1076,17 +1076,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id98" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id98"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=dnf-automatic
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id99" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id99"><pre><code>
-[[packages]]
-name = "dnf-automatic"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id100" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id100"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_dnf-automatic
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id99" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id99"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_dnf-automatic
 
 class install_dnf-automatic {
   package { 'dnf-automatic':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id100" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id100"><pre><code>
+[[packages]]
+name = "dnf-automatic"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id101" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id101"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure dnf-automatic is installed
   package:
     name: dnf-automatic
@@ -5249,7 +5249,21 @@
 to privileged (root) access via su / sudo. This is required for FISMA Low
 and FISMA Moderate systems.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_direct_root_logins</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80840-2">CCE-80840-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R19)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.6</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">5.6</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id175" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id175"><pre><code># Remediation is applicable only in certain platforms
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R19)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.6</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">5.6</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id175" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id175"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,
+        mode: 0600
+        path: /etc/securetty
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id176" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id176"><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 echo &gt; /etc/securetty
@@ -5257,7 +5271,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id176" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id176"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Direct root Logins Not Allowed
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id177" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id177"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Direct root Logins Not Allowed
   copy:
     dest: /etc/securetty
     content: ''
@@ -5274,20 +5288,6 @@
     - no_direct_root_logins
     - no_reboot_needed
     - restrict_strategy
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id177" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id177"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,
-        mode: 0600
-        path: /etc/securetty
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_accounts-session" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts"><td style="padding-left: 57px" id="xccdf_org.ssgproject.content_group_accounts-session"><span class="label label-default">Group</span>  
                 Secure Session Configuration Files for Login Accounts
                           <small>Group contains 1 group and 6 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_accounts-session" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_accounts-session" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts"><td style="padding-left: 57px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_accounts-session">[ref]</a>  
@@ -6602,7 +6602,21 @@
 that they fill up the /var/log partition. Valuable logging information could be lost
 if the /var/log partition becomes full.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_ensure_logrotate_activated</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80794-1">CCE-80794-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R43)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT12(R18)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.7</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id206" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id206"><pre><code># Remediation is applicable only in certain platforms
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R43)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT12(R18)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.7</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id206" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id206"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ %23%20see%20%22man%20logrotate%22%20for%20details%0A%23%20rotate%20log%20files%20daily%0Adaily%0A%0A%23%20keep%204%20weeks%20worth%20of%20backlogs%0Arotate%2030%0A%0A%23%20create%20new%20%28empty%29%20log%20files%20after%20rotating%20old%20ones%0Acreate%0A%0A%23%20use%20date%20as%20a%20suffix%20of%20the%20rotated%20file%0Adateext%0A%0A%23%20uncomment%20this%20if%20you%20want%20your%20log%20files%20compressed%0A%23compress%0A%0A%23%20RPM%20packages%20drop%20log%20rotation%20information%20into%20this%20directory%0Ainclude%20/etc/logrotate.d%0A%0A%23%20system-specific%20logs%20may%20be%20also%20be%20configured%20here. }}
+        mode: 0644
+        path: /etc/logrotate.conf
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id207" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id207"><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 LOGROTATE_CONF_FILE="/etc/logrotate.conf"
@@ -6623,7 +6637,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id207" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id207"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Configure daily log rotation in /etc/logrotate.conf
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id208" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id208"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Configure daily log rotation in /etc/logrotate.conf
   lineinfile:
     create: true
     dest: /etc/logrotate.conf
@@ -6685,20 +6699,6 @@
     - low_disruption
     - medium_severity
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id208" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id208"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,{{ %23%20see%20%22man%20logrotate%22%20for%20details%0A%23%20rotate%20log%20files%20daily%0Adaily%0A%0A%23%20keep%204%20weeks%20worth%20of%20backlogs%0Arotate%2030%0A%0A%23%20create%20new%20%28empty%29%20log%20files%20after%20rotating%20old%20ones%0Acreate%0A%0A%23%20use%20date%20as%20a%20suffix%20of%20the%20rotated%20file%0Adateext%0A%0A%23%20uncomment%20this%20if%20you%20want%20your%20log%20files%20compressed%0A%23compress%0A%0A%23%20RPM%20packages%20drop%20log%20rotation%20information%20into%20this%20directory%0Ainclude%20/etc/logrotate.d%0A%0A%23%20system-specific%20logs%20may%20be%20also%20be%20configured%20here. }}
-        mode: 0644
-        path: /etc/logrotate.conf
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_rsyslog_sending_messages" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_logging"><td style="padding-left: 57px" id="xccdf_org.ssgproject.content_group_rsyslog_sending_messages"><span class="label label-default">Group</span>  
                 Rsyslog Logs Sent To Remote Host
                           <small>Group contains 3 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_rsyslog_sending_messages" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_rsyslog_sending_messages" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_logging"><td style="padding-left: 57px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_rsyslog_sending_messages">[ref]</a>  
@@ -6852,17 +6852,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id216" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id216"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rsyslog-gnutls
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id217" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id217"><pre><code>
-[[packages]]
-name = "rsyslog-gnutls"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id218" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id218"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog-gnutls
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id217" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id217"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog-gnutls
 
 class install_rsyslog-gnutls {
   package { 'rsyslog-gnutls':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id218" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id218"><pre><code>
+[[packages]]
+name = "rsyslog-gnutls"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id219" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id219"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog-gnutls is installed
   package:
     name: rsyslog-gnutls
/usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-anssi_bp28_high.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-anssi_bp28_high.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-anssi_bp28_high.html	2022-07-15 00:00:00.000000000 +0000
@@ -128,17 +128,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id23" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id23"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id24" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id24"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id23" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id23"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id24" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id24"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id25"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -802,17 +802,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id71" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id71"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=sudo
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id72" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id72"><pre><code>
-[[packages]]
-name = "sudo"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id73" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id73"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id72" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id72"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
 
 class install_sudo {
   package { 'sudo':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id73" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id73"><pre><code>
+[[packages]]
+name = "sudo"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id74" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id74"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure sudo is installed
   package:
     name: sudo
@@ -1404,17 +1404,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id108" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id108"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=dnf-automatic
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id109" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id109"><pre><code>
-[[packages]]
-name = "dnf-automatic"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id110" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id110"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_dnf-automatic
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id109" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id109"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_dnf-automatic
 
 class install_dnf-automatic {
   package { 'dnf-automatic':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id110" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id110"><pre><code>
+[[packages]]
+name = "dnf-automatic"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id111" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id111"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure dnf-automatic is installed
   package:
     name: dnf-automatic
@@ -5577,7 +5577,21 @@
 to privileged (root) access via su / sudo. This is required for FISMA Low
 and FISMA Moderate systems.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_direct_root_logins</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80840-2">CCE-80840-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R19)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.6</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">5.6</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id185" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id185"><pre><code># Remediation is applicable only in certain platforms
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R19)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.6</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">5.6</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id185" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id185"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,
+        mode: 0600
+        path: /etc/securetty
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id186" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id186"><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 echo &gt; /etc/securetty
@@ -5585,7 +5599,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id186" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id186"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Direct root Logins Not Allowed
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id187" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id187"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Direct root Logins Not Allowed
   copy:
     dest: /etc/securetty
     content: ''
@@ -5602,20 +5616,6 @@
     - no_direct_root_logins
     - no_reboot_needed
     - restrict_strategy
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id187" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id187"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,
-        mode: 0600
-        path: /etc/securetty
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_accounts-session" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts"><td style="padding-left: 57px" id="xccdf_org.ssgproject.content_group_accounts-session"><span class="label label-default">Group</span>  
                 Secure Session Configuration Files for Login Accounts
                           <small>Group contains 1 group and 6 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_accounts-session" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_accounts-session" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts"><td style="padding-left: 57px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_accounts-session">[ref]</a>  
@@ -6978,7 +6978,21 @@
 that they fill up the /var/log partition. Valuable logging information could be lost
 if the /var/log partition becomes full.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_ensure_logrotate_activated</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80794-1">CCE-80794-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R43)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT12(R18)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.7</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id220" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id220"><pre><code># Remediation is applicable only in certain platforms
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R43)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT12(R18)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.7</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id220" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id220"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ %23%20see%20%22man%20logrotate%22%20for%20details%0A%23%20rotate%20log%20files%20daily%0Adaily%0A%0A%23%20keep%204%20weeks%20worth%20of%20backlogs%0Arotate%2030%0A%0A%23%20create%20new%20%28empty%29%20log%20files%20after%20rotating%20old%20ones%0Acreate%0A%0A%23%20use%20date%20as%20a%20suffix%20of%20the%20rotated%20file%0Adateext%0A%0A%23%20uncomment%20this%20if%20you%20want%20your%20log%20files%20compressed%0A%23compress%0A%0A%23%20RPM%20packages%20drop%20log%20rotation%20information%20into%20this%20directory%0Ainclude%20/etc/logrotate.d%0A%0A%23%20system-specific%20logs%20may%20be%20also%20be%20configured%20here. }}
+        mode: 0644
+        path: /etc/logrotate.conf
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id221" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id221"><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 LOGROTATE_CONF_FILE="/etc/logrotate.conf"
@@ -6999,7 +7013,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id221" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id221"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Configure daily log rotation in /etc/logrotate.conf
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id222" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id222"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Configure daily log rotation in /etc/logrotate.conf
   lineinfile:
     create: true
     dest: /etc/logrotate.conf
@@ -7061,20 +7075,6 @@
     - low_disruption
     - medium_severity
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id222" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id222"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,{{ %23%20see%20%22man%20logrotate%22%20for%20details%0A%23%20rotate%20log%20files%20daily%0Adaily%0A%0A%23%20keep%204%20weeks%20worth%20of%20backlogs%0Arotate%2030%0A%0A%23%20create%20new%20%28empty%29%20log%20files%20after%20rotating%20old%20ones%0Acreate%0A%0A%23%20use%20date%20as%20a%20suffix%20of%20the%20rotated%20file%0Adateext%0A%0A%23%20uncomment%20this%20if%20you%20want%20your%20log%20files%20compressed%0A%23compress%0A%0A%23%20RPM%20packages%20drop%20log%20rotation%20information%20into%20this%20directory%0Ainclude%20/etc/logrotate.d%0A%0A%23%20system-specific%20logs%20may%20be%20also%20be%20configured%20here. }}
-        mode: 0644
-        path: /etc/logrotate.conf
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_rsyslog_sending_messages" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_logging"><td style="padding-left: 57px" id="xccdf_org.ssgproject.content_group_rsyslog_sending_messages"><span class="label label-default">Group</span>  
                 Rsyslog Logs Sent To Remote Host
                           <small>Group contains 3 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_rsyslog_sending_messages" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_rsyslog_sending_messages" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_logging"><td style="padding-left: 57px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_rsyslog_sending_messages">[ref]</a>  
@@ -7228,17 +7228,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id230" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id230"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rsyslog-gnutls
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id231" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id231"><pre><code>
-[[packages]]
-name = "rsyslog-gnutls"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id232" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id232"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog-gnutls
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id231" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id231"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog-gnutls
 
 class install_rsyslog-gnutls {
   package { 'rsyslog-gnutls':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id232" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id232"><pre><code>
+[[packages]]
+name = "rsyslog-gnutls"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id233" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id233"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog-gnutls is installed
   package:
     name: rsyslog-gnutls
/usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-anssi_bp28_intermediary.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-anssi_bp28_intermediary.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-anssi_bp28_intermediary.html	2022-07-15 00:00:00.000000000 +0000
@@ -128,17 +128,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id23" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id23"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id24" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id24"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id23" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id23"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id24" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id24"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id25"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -474,17 +474,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id61" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id61"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=sudo
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id62" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id62"><pre><code>
-[[packages]]
-name = "sudo"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id63" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id63"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id62" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id62"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
 
 class install_sudo {
   package { 'sudo':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id63" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id63"><pre><code>
+[[packages]]
+name = "sudo"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id64" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id64"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure sudo is installed
   package:
     name: sudo
@@ -1076,17 +1076,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id98" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id98"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=dnf-automatic
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id99" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id99"><pre><code>
-[[packages]]
-name = "dnf-automatic"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id100" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id100"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_dnf-automatic
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id99" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id99"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_dnf-automatic
 
 class install_dnf-automatic {
   package { 'dnf-automatic':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id100" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id100"><pre><code>
+[[packages]]
+name = "dnf-automatic"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id101" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id101"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure dnf-automatic is installed
   package:
     name: dnf-automatic
@@ -5249,7 +5249,21 @@
 to privileged (root) access via su / sudo. This is required for FISMA Low
 and FISMA Moderate systems.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_direct_root_logins</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80840-2">CCE-80840-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R19)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.6</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">5.6</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id175" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id175"><pre><code># Remediation is applicable only in certain platforms
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R19)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.6</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">5.6</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id175" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id175"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,
+        mode: 0600
+        path: /etc/securetty
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id176" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id176"><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 echo &gt; /etc/securetty
@@ -5257,7 +5271,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id176" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id176"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Direct root Logins Not Allowed
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id177" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id177"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Direct root Logins Not Allowed
   copy:
     dest: /etc/securetty
     content: ''
@@ -5274,20 +5288,6 @@
     - no_direct_root_logins
     - no_reboot_needed
     - restrict_strategy
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id177" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id177"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,
-        mode: 0600
-        path: /etc/securetty
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_accounts-session" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts"><td style="padding-left: 57px" id="xccdf_org.ssgproject.content_group_accounts-session"><span class="label label-default">Group</span>  
                 Secure Session Configuration Files for Login Accounts
                           <small>Group contains 2 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_accounts-session" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_accounts-session" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts"><td style="padding-left: 57px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_accounts-session">[ref]</a>  
@@ -6218,7 +6218,21 @@
 that they fill up the /var/log partition. Valuable logging information could be lost
 if the /var/log partition becomes full.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_ensure_logrotate_activated</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80794-1">CCE-80794-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R43)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT12(R18)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.7</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id192" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id192"><pre><code># Remediation is applicable only in certain platforms
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R43)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT12(R18)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.7</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id192" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id192"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ %23%20see%20%22man%20logrotate%22%20for%20details%0A%23%20rotate%20log%20files%20daily%0Adaily%0A%0A%23%20keep%204%20weeks%20worth%20of%20backlogs%0Arotate%2030%0A%0A%23%20create%20new%20%28empty%29%20log%20files%20after%20rotating%20old%20ones%0Acreate%0A%0A%23%20use%20date%20as%20a%20suffix%20of%20the%20rotated%20file%0Adateext%0A%0A%23%20uncomment%20this%20if%20you%20want%20your%20log%20files%20compressed%0A%23compress%0A%0A%23%20RPM%20packages%20drop%20log%20rotation%20information%20into%20this%20directory%0Ainclude%20/etc/logrotate.d%0A%0A%23%20system-specific%20logs%20may%20be%20also%20be%20configured%20here. }}
+        mode: 0644
+        path: /etc/logrotate.conf
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id193" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id193"><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 LOGROTATE_CONF_FILE="/etc/logrotate.conf"
@@ -6239,7 +6253,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id193" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id193"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Configure daily log rotation in /etc/logrotate.conf
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id194" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id194"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Configure daily log rotation in /etc/logrotate.conf
   lineinfile:
     create: true
     dest: /etc/logrotate.conf
@@ -6301,20 +6315,6 @@
     - low_disruption
     - medium_severity
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id194" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id194"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,{{ %23%20see%20%22man%20logrotate%22%20for%20details%0A%23%20rotate%20log%20files%20daily%0Adaily%0A%0A%23%20keep%204%20weeks%20worth%20of%20backlogs%0Arotate%2030%0A%0A%23%20create%20new%20%28empty%29%20log%20files%20after%20rotating%20old%20ones%0Acreate%0A%0A%23%20use%20date%20as%20a%20suffix%20of%20the%20rotated%20file%0Adateext%0A%0A%23%20uncomment%20this%20if%20you%20want%20your%20log%20files%20compressed%0A%23compress%0A%0A%23%20RPM%20packages%20drop%20log%20rotation%20information%20into%20this%20directory%0Ainclude%20/etc/logrotate.d%0A%0A%23%20system-specific%20logs%20may%20be%20also%20be%20configured%20here. }}
-        mode: 0644
-        path: /etc/logrotate.conf
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_rsyslog_sending_messages" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_logging"><td style="padding-left: 57px" id="xccdf_org.ssgproject.content_group_rsyslog_sending_messages"><span class="label label-default">Group</span>  
                 Rsyslog Logs Sent To Remote Host
                           <small>Group contains 3 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_rsyslog_sending_messages" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_rsyslog_sending_messages" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_logging"><td style="padding-left: 57px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_rsyslog_sending_messages">[ref]</a>  
@@ -6468,17 +6468,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id202" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id202"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rsyslog-gnutls
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id203" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id203"><pre><code>
-[[packages]]
-name = "rsyslog-gnutls"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id204" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id204"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog-gnutls
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id203" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id203"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog-gnutls
 
 class install_rsyslog-gnutls {
   package { 'rsyslog-gnutls':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id204" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id204"><pre><code>
+[[packages]]
+name = "rsyslog-gnutls"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id205" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id205"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog-gnutls is installed
   package:
     name: rsyslog-gnutls
/usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-anssi_bp28_minimal.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-anssi_bp28_minimal.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-anssi_bp28_minimal.html	2022-07-15 00:00:00.000000000 +0000
@@ -246,17 +246,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id28" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id28"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=dnf-automatic
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id29" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id29"><pre><code>
-[[packages]]
-name = "dnf-automatic"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id30" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id30"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_dnf-automatic
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id29" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id29"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_dnf-automatic
 
 class install_dnf-automatic {
   package { 'dnf-automatic':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id30" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id30"><pre><code>
+[[packages]]
+name = "dnf-automatic"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id31" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id31"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure dnf-automatic is installed
   package:
     name: dnf-automatic
@@ -4360,17 +4360,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id102" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id102"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rsyslog
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id103" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id103"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id104" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id104"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id103" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id103"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id104" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id104"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id105" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id105"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
@@ -4405,10 +4405,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id108" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id108"><pre><code>
-[customizations.services]
-enabled = ["rsyslog"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id109" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id109"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id108" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id108"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
 
 class enable_rsyslog {
   service {'rsyslog':
@@ -4416,6 +4413,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id109" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id109"><pre><code>
+[customizations.services]
+enabled = ["rsyslog"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id110" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id110"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service rsyslog
   block:
 
/usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-cis.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-cis.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-cis.html	2022-07-15 00:00:00.000000000 +0000
@@ -127,17 +127,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id23" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id23"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id24" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id24"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id23" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id23"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id24" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id24"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id25"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -618,17 +618,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id57" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id57"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=sudo
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id58" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id58"><pre><code>
-[[packages]]
-name = "sudo"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id59" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id59"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id58" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id58"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
 
 class install_sudo {
   package { 'sudo':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id59" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id59"><pre><code>
+[[packages]]
+name = "sudo"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id60" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id60"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure sudo is installed
   package:
     name: sudo
@@ -26301,7 +26301,21 @@
 the kernel and potentially introduce malicious code into kernel space. It is important
 to have an audit trail of modules that have been introduced into the kernel.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_delete</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80711-5">CCE-80711-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00216</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000477-GPOS-00222</a>, <a href="">SRG-OS-000477-VMM-001970</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-08-030390</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.15</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-230446r627750_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id254" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id254"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00216</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000477-GPOS-00222</a>, <a href="">SRG-OS-000477-VMM-001970</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-08-030390</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.15</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-230446r627750_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id254" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id254"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20delete_module%20-k%20module-change%0A-a%20always%2Cexit%20-F%20arch%3Db64%20-S%20delete_module%20-k%20module-change%0A
+        mode: 0600
+        path: /etc/audit/rules.d/75-kernel-module-loading-delete.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id255" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id255"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # First perform the remediation of the syscall rule
@@ -26635,7 +26649,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id255" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id255"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id256" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id256"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -26949,20 +26963,6 @@
     - low_disruption
     - medium_severity
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id256" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id256"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20delete_module%20-k%20module-change%0A-a%20always%2Cexit%20-F%20arch%3Db64%20-S%20delete_module%20-k%20module-change%0A
-        mode: 0600
-        path: /etc/audit/rules.d/75-kernel-module-loading-delete.rules
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init" id="guide-tree-leaf-id257" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_audit_kernel_module_loading"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init"><span class="label label-default">Rule</span>  
                                 Ensure auditd Collects Information on Kernel Module Loading - init_module
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">To capture kernel module loading events, use following line, setting ARCH to
@@ -26980,7 +26980,21 @@
 the kernel and potentially introduce malicious code into kernel space. It is important
 to have an audit trail of modules that have been introduced into the kernel.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80713-1">CCE-80713-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00216</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000477-GPOS-00222</a>, <a href="">SRG-OS-000477-VMM-001970</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-08-030360</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.15</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-230438r810464_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id258" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id258"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00216</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000477-GPOS-00222</a>, <a href="">SRG-OS-000477-VMM-001970</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-08-030360</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.15</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-230438r810464_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id258" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id258"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20init_module%20-k%20module-change%0A-a%20always%2Cexit%20-F%20arch%3Db64%20-S%20init_module%20-k%20module-change%0A
+        mode: 0600
+        path: /etc/audit/rules.d/75-kernel-module-loading-init.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id259" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id259"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # First perform the remediation of the syscall rule
@@ -27314,7 +27328,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id259" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id259"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id260" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id260"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -27636,20 +27650,6 @@
     - low_disruption
     - medium_severity
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id260" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id260"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20init_module%20-k%20module-change%0A-a%20always%2Cexit%20-F%20arch%3Db64%20-S%20init_module%20-k%20module-change%0A
-        mode: 0600
-        path: /etc/audit/rules.d/75-kernel-module-loading-init.rules
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_audit_login_events" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_auditd_configure_rules"><td style="padding-left: 76px" id="xccdf_org.ssgproject.content_group_audit_login_events"><span class="label label-default">Group</span>  
                 Record Attempts to Alter Logon and Logout Events
                           <small>Group contains 2 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_audit_login_events" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_audit_login_events" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_auditd_configure_rules"><td style="padding-left: 76px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_audit_login_events">[ref]</a>  
@@ -28274,7 +28274,21 @@
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_adjtimex</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80745-3">CCE-80745-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.6</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id268" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id268"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.6</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id268" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id268"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20adjtimex%20-k%20audit_time_rules%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20adjtimex%20-k%20audit_time_rules%0A }}
+        mode: 0600
+        path: /etc/audit/rules.d/75-syscall-adjtimex.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id269" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id269"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # Retrieve hardware architecture of the underlying system
@@ -28614,7 +28628,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id269" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id269"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id270" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id270"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -28931,20 +28945,6 @@
     - medium_severity
     - no_reboot_needed
     - restrict_strategy
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id270" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id270"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
/usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-cis_server_l1.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-cis_server_l1.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-cis_server_l1.html	2022-07-15 00:00:00.000000000 +0000
@@ -127,17 +127,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id23" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id23"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id24" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id24"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id23" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id23"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id24" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id24"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id25"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -538,17 +538,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id42" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id42"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=sudo
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id43" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id43"><pre><code>
-[[packages]]
-name = "sudo"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id44" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id44"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id43" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id43"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
 
 class install_sudo {
   package { 'sudo':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id44" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id44"><pre><code>
+[[packages]]
+name = "sudo"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id45" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id45"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure sudo is installed
   package:
     name: sudo
@@ -5121,17 +5121,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id206" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id206"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rsyslog
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id207" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id207"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id208" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id208"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id207" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id207"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id208" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id208"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id209" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id209"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
@@ -5166,10 +5166,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id212" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id212"><pre><code>
-[customizations.services]
-enabled = ["rsyslog"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id213" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id213"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id212" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id212"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
 
 class enable_rsyslog {
   service {'rsyslog':
@@ -5177,6 +5174,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id213" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id213"><pre><code>
+[customizations.services]
+enabled = ["rsyslog"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id214" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id214"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service rsyslog
   block:
 
@@ -5327,17 +5327,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id217" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id217"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=firewalld
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id218" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id218"><pre><code>
-[[packages]]
-name = "firewalld"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id219" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id219"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_firewalld
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id218" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id218"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_firewalld
 
 class install_firewalld {
   package { 'firewalld':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id219" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id219"><pre><code>
+[[packages]]
+name = "firewalld"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id220" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id220"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure firewalld is installed
   package:
     name: firewalld
@@ -5372,10 +5372,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id223" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id223"><pre><code>
-[customizations.services]
-enabled = ["firewalld"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id224" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id224"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_firewalld
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id223" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id223"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_firewalld
 
 class enable_firewalld {
   service {'firewalld':
@@ -5383,6 +5380,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id224" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id224"><pre><code>
+[customizations.services]
+enabled = ["firewalld"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id225" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id225"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service firewalld
   block:
 
@@ -5469,7 +5469,21 @@
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_ra">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">To set the runtime status of the <code>net.ipv6.conf.all.accept_ra</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w net.ipv6.conf.all.accept_ra=0</pre>
 To make sure that the setting is persistent, add the following line to a file in the directory <code>/etc/sysctl.d</code>: <pre>net.ipv6.conf.all.accept_ra = 0</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">An illicit router advertisement message could result in a man-in-the-middle attack.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_ra</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-81006-9">CCE-81006-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.20</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-08-040261</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">3.2.9</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-230541r818875_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id228" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id228"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.20</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-08-040261</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">3.2.9</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-230541r818875_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id228" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id228"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,net.ipv6.conf.all.accept_ra%3D0%0A
+        mode: 0644
+        path: /etc/sysctl.d/75-sysctl_net_ipv6_conf_all_accept_ra.conf
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id229" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id229"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 # Comment out any occurrences of net.ipv6.conf.all.accept_ra from /etc/sysctl.d/*.conf files
@@ -5523,7 +5537,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id229" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id229"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: List /etc/sysctl.d/*.conf files
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id230" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id230"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: List /etc/sysctl.d/*.conf files
   find:
     paths:
       - /etc/sysctl.d/
@@ -5594,7 +5608,12 @@
     - medium_severity
     - reboot_required
     - sysctl_net_ipv6_conf_all_accept_ra
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id230" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id230"><pre><code>---
+</code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects" id="guide-tree-leaf-id231" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_configuring_ipv6"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects"><span class="label label-default">Rule</span>  
+                                Disable Accepting ICMP Redirects for All IPv6 Interfaces
+                                  <a class="small" href="#xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">To set the runtime status of the <code>net.ipv6.conf.all.accept_redirects</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w net.ipv6.conf.all.accept_redirects=0</pre>
+To make sure that the setting is persistent, add the following line to a file in the directory <code>/etc/sysctl.d</code>: <pre>net.ipv6.conf.all.accept_redirects = 0</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">An illicit ICMP redirect message could result in a man-in-the-middle attack.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
+            <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-81009-3">CCE-81009-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R22)</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.20</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001551</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6.1(iv)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-08-040280</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">3.2.2</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-230544r818887_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id232" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id232"><pre><code>---
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
@@ -5604,16 +5623,11 @@
     storage:
       files:
       - contents:
-          source: data:,net.ipv6.conf.all.accept_ra%3D0%0A
+          source: data:,net.ipv6.conf.all.accept_redirects%3D0%0A
         mode: 0644
-        path: /etc/sysctl.d/75-sysctl_net_ipv6_conf_all_accept_ra.conf
+        path: /etc/sysctl.d/75-sysctl_net_ipv6_conf_all_accept_redirects.conf
         overwrite: true
-</code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects" id="guide-tree-leaf-id231" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_configuring_ipv6"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects"><span class="label label-default">Rule</span>  
-                                Disable Accepting ICMP Redirects for All IPv6 Interfaces
-                                  <a class="small" href="#xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">To set the runtime status of the <code>net.ipv6.conf.all.accept_redirects</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w net.ipv6.conf.all.accept_redirects=0</pre>
-To make sure that the setting is persistent, add the following line to a file in the directory <code>/etc/sysctl.d</code>: <pre>net.ipv6.conf.all.accept_redirects = 0</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">An illicit ICMP redirect message could result in a man-in-the-middle attack.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
-            <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-81009-3">CCE-81009-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R22)</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.20</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001551</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6.1(iv)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-08-040280</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">3.2.2</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-230544r818887_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id232" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id232"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
/usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-cis_workstation_l1.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-cis_workstation_l1.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-cis_workstation_l1.html	2022-07-15 00:00:00.000000000 +0000
@@ -127,17 +127,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id23" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id23"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id24" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id24"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id23" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id23"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id24" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id24"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id25"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -538,17 +538,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id42" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id42"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=sudo
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id43" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id43"><pre><code>
-[[packages]]
-name = "sudo"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id44" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id44"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id43" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id43"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
 
 class install_sudo {
   package { 'sudo':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id44" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id44"><pre><code>
+[[packages]]
+name = "sudo"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id45" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id45"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure sudo is installed
   package:
     name: sudo
@@ -5121,17 +5121,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id206" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id206"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rsyslog
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id207" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id207"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id208" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id208"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id207" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id207"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id208" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id208"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id209" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id209"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
@@ -5166,10 +5166,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id212" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id212"><pre><code>
-[customizations.services]
-enabled = ["rsyslog"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id213" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id213"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id212" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id212"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
 
 class enable_rsyslog {
   service {'rsyslog':
@@ -5177,6 +5174,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id213" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id213"><pre><code>
+[customizations.services]
+enabled = ["rsyslog"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id214" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id214"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service rsyslog
   block:
 
@@ -5327,17 +5327,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id217" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id217"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=firewalld
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id218" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id218"><pre><code>
-[[packages]]
-name = "firewalld"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id219" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id219"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_firewalld
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id218" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id218"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_firewalld
 
 class install_firewalld {
   package { 'firewalld':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id219" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id219"><pre><code>
+[[packages]]
+name = "firewalld"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id220" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id220"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure firewalld is installed
   package:
     name: firewalld
@@ -5372,10 +5372,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id223" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id223"><pre><code>
-[customizations.services]
-enabled = ["firewalld"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id224" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id224"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_firewalld
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id223" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id223"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_firewalld
 
 class enable_firewalld {
   service {'firewalld':
@@ -5383,6 +5380,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id224" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id224"><pre><code>
+[customizations.services]
+enabled = ["firewalld"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id225" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id225"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service firewalld
   block:
 
@@ -5469,7 +5469,21 @@
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_ra">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">To set the runtime status of the <code>net.ipv6.conf.all.accept_ra</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w net.ipv6.conf.all.accept_ra=0</pre>
 To make sure that the setting is persistent, add the following line to a file in the directory <code>/etc/sysctl.d</code>: <pre>net.ipv6.conf.all.accept_ra = 0</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">An illicit router advertisement message could result in a man-in-the-middle attack.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_ra</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-81006-9">CCE-81006-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.20</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-08-040261</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">3.2.9</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-230541r818875_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id228" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id228"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.20</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-08-040261</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">3.2.9</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-230541r818875_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id228" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id228"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,net.ipv6.conf.all.accept_ra%3D0%0A
+        mode: 0644
+        path: /etc/sysctl.d/75-sysctl_net_ipv6_conf_all_accept_ra.conf
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id229" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id229"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 # Comment out any occurrences of net.ipv6.conf.all.accept_ra from /etc/sysctl.d/*.conf files
@@ -5523,7 +5537,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id229" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id229"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: List /etc/sysctl.d/*.conf files
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id230" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id230"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: List /etc/sysctl.d/*.conf files
   find:
     paths:
       - /etc/sysctl.d/
@@ -5594,7 +5608,12 @@
     - medium_severity
     - reboot_required
     - sysctl_net_ipv6_conf_all_accept_ra
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id230" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id230"><pre><code>---
+</code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects" id="guide-tree-leaf-id231" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_configuring_ipv6"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects"><span class="label label-default">Rule</span>  
+                                Disable Accepting ICMP Redirects for All IPv6 Interfaces
+                                  <a class="small" href="#xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">To set the runtime status of the <code>net.ipv6.conf.all.accept_redirects</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w net.ipv6.conf.all.accept_redirects=0</pre>
+To make sure that the setting is persistent, add the following line to a file in the directory <code>/etc/sysctl.d</code>: <pre>net.ipv6.conf.all.accept_redirects = 0</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">An illicit ICMP redirect message could result in a man-in-the-middle attack.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
+            <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-81009-3">CCE-81009-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R22)</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.20</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001551</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6.1(iv)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-08-040280</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">3.2.2</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-230544r818887_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id232" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id232"><pre><code>---
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
@@ -5604,16 +5623,11 @@
     storage:
       files:
       - contents:
-          source: data:,net.ipv6.conf.all.accept_ra%3D0%0A
+          source: data:,net.ipv6.conf.all.accept_redirects%3D0%0A
         mode: 0644
-        path: /etc/sysctl.d/75-sysctl_net_ipv6_conf_all_accept_ra.conf
+        path: /etc/sysctl.d/75-sysctl_net_ipv6_conf_all_accept_redirects.conf
         overwrite: true
-</code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects" id="guide-tree-leaf-id231" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_configuring_ipv6"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects"><span class="label label-default">Rule</span>  
-                                Disable Accepting ICMP Redirects for All IPv6 Interfaces
-                                  <a class="small" href="#xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">To set the runtime status of the <code>net.ipv6.conf.all.accept_redirects</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w net.ipv6.conf.all.accept_redirects=0</pre>
-To make sure that the setting is persistent, add the following line to a file in the directory <code>/etc/sysctl.d</code>: <pre>net.ipv6.conf.all.accept_redirects = 0</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">An illicit ICMP redirect message could result in a man-in-the-middle attack.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
-            <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-81009-3">CCE-81009-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R22)</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.20</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001551</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6.1(iv)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-08-040280</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">3.2.2</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-230544r818887_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id232" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id232"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
/usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-cis_workstation_l2.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-cis_workstation_l2.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-cis_workstation_l2.html	2022-07-15 00:00:00.000000000 +0000
@@ -127,17 +127,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id23" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id23"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id24" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id24"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id23" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id23"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id24" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id24"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id25"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -618,17 +618,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id57" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id57"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=sudo
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id58" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id58"><pre><code>
-[[packages]]
-name = "sudo"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id59" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id59"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id58" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id58"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
 
 class install_sudo {
   package { 'sudo':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id59" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id59"><pre><code>
+[[packages]]
+name = "sudo"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id60" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id60"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure sudo is installed
   package:
     name: sudo
@@ -26301,7 +26301,21 @@
 the kernel and potentially introduce malicious code into kernel space. It is important
 to have an audit trail of modules that have been introduced into the kernel.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_delete</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80711-5">CCE-80711-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00216</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000477-GPOS-00222</a>, <a href="">SRG-OS-000477-VMM-001970</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-08-030390</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.15</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-230446r627750_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id254" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id254"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00216</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000477-GPOS-00222</a>, <a href="">SRG-OS-000477-VMM-001970</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-08-030390</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.15</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-230446r627750_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id254" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id254"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20delete_module%20-k%20module-change%0A-a%20always%2Cexit%20-F%20arch%3Db64%20-S%20delete_module%20-k%20module-change%0A
+        mode: 0600
+        path: /etc/audit/rules.d/75-kernel-module-loading-delete.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id255" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id255"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # First perform the remediation of the syscall rule
@@ -26635,7 +26649,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id255" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id255"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id256" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id256"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -26949,20 +26963,6 @@
     - low_disruption
     - medium_severity
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id256" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id256"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20delete_module%20-k%20module-change%0A-a%20always%2Cexit%20-F%20arch%3Db64%20-S%20delete_module%20-k%20module-change%0A
-        mode: 0600
-        path: /etc/audit/rules.d/75-kernel-module-loading-delete.rules
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init" id="guide-tree-leaf-id257" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_audit_kernel_module_loading"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init"><span class="label label-default">Rule</span>  
                                 Ensure auditd Collects Information on Kernel Module Loading - init_module
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">To capture kernel module loading events, use following line, setting ARCH to
@@ -26980,7 +26980,21 @@
 the kernel and potentially introduce malicious code into kernel space. It is important
 to have an audit trail of modules that have been introduced into the kernel.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80713-1">CCE-80713-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00216</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000477-GPOS-00222</a>, <a href="">SRG-OS-000477-VMM-001970</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-08-030360</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.15</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-230438r810464_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id258" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id258"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00216</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000477-GPOS-00222</a>, <a href="">SRG-OS-000477-VMM-001970</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-08-030360</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.15</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-230438r810464_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id258" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id258"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20init_module%20-k%20module-change%0A-a%20always%2Cexit%20-F%20arch%3Db64%20-S%20init_module%20-k%20module-change%0A
+        mode: 0600
+        path: /etc/audit/rules.d/75-kernel-module-loading-init.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id259" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id259"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # First perform the remediation of the syscall rule
@@ -27314,7 +27328,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id259" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id259"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id260" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id260"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -27636,20 +27650,6 @@
     - low_disruption
     - medium_severity
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id260" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id260"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20init_module%20-k%20module-change%0A-a%20always%2Cexit%20-F%20arch%3Db64%20-S%20init_module%20-k%20module-change%0A
-        mode: 0600
-        path: /etc/audit/rules.d/75-kernel-module-loading-init.rules
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_audit_login_events" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_auditd_configure_rules"><td style="padding-left: 76px" id="xccdf_org.ssgproject.content_group_audit_login_events"><span class="label label-default">Group</span>  
                 Record Attempts to Alter Logon and Logout Events
                           <small>Group contains 2 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_audit_login_events" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_audit_login_events" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_auditd_configure_rules"><td style="padding-left: 76px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_audit_login_events">[ref]</a>  
@@ -28274,7 +28274,21 @@
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_adjtimex</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80745-3">CCE-80745-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.6</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id268" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id268"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.6</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id268" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id268"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20adjtimex%20-k%20audit_time_rules%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20adjtimex%20-k%20audit_time_rules%0A }}
+        mode: 0600
+        path: /etc/audit/rules.d/75-syscall-adjtimex.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id269" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id269"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # Retrieve hardware architecture of the underlying system
@@ -28614,7 +28628,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id269" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id269"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id270" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id270"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -28931,20 +28945,6 @@
     - medium_severity
     - no_reboot_needed
     - restrict_strategy
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id270" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id270"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
/usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-cjis.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-cjis.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-cjis.html	2022-07-15 00:00:00.000000000 +0000
@@ -441,17 +441,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id28" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id28"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id29" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id29"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id30" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id30"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id29" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id29"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id30" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id30"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id31" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id31"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -3128,7 +3128,26 @@
 run commands with the privileges of that account. Accounts with
 empty passwords should never be used in operational environments.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_empty_passwords</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80841-0">CCE-80841-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-08-020331</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-244540r743869_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id102" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id102"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-08-020331</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-244540r743869_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id102" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id102"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/password-auth
+        overwrite: true
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/system-auth
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id103" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id103"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEM_AUTH="/etc/pam.d/system-auth"
@@ -3153,7 +3172,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id103" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id103"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id104" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id104"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
   ansible.builtin.stat:
     path: /usr/bin/authselect
   register: result_authselect_present
@@ -3310,25 +3329,6 @@
     - medium_disruption
     - no_empty_passwords
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id104" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id104"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/password-auth
-        overwrite: true
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/system-auth
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_accounts-session" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts"><td style="padding-left: 57px" id="xccdf_org.ssgproject.content_group_accounts-session"><span class="label label-default">Group</span>  
                 Secure Session Configuration Files for Login Accounts
                           <small>Group contains  1 rule</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_accounts-session" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_accounts-session" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts"><td style="padding-left: 57px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_accounts-session">[ref]</a>  
@@ -18677,7 +18677,21 @@
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_adjtimex</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80745-3">CCE-80745-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.6</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id160" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id160"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.6</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id160" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id160"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20adjtimex%20-k%20audit_time_rules%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20adjtimex%20-k%20audit_time_rules%0A }}
+        mode: 0600
+        path: /etc/audit/rules.d/75-syscall-adjtimex.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id161" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id161"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # Retrieve hardware architecture of the underlying system
@@ -19017,7 +19031,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id161" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id161"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id162" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id162"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -19334,20 +19348,6 @@
     - medium_severity
     - no_reboot_needed
     - restrict_strategy
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id162" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id162"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20adjtimex%20-k%20audit_time_rules%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20adjtimex%20-k%20audit_time_rules%0A }}
-        mode: 0600
-        path: /etc/audit/rules.d/75-syscall-adjtimex.rules
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime" id="guide-tree-leaf-id163" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_audit_time_rules"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime"><span class="label label-default">Rule</span>  
                                 Record Attempts to Alter Time Through clock_settime
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">If the <code>auditd</code> daemon is configured to use the
@@ -19372,7 +19372,21 @@
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80746-1">CCE-80746-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.6</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id164" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id164"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.6</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id164" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id164"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A }}
+        mode: 0600
+        path: /etc/audit/rules.d/75-syscall-clock-settime.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id165" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id165"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # First perform the remediation of the syscall rule
@@ -19700,7 +19714,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id165" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id165"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id166" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id166"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -20010,20 +20024,6 @@
     - medium_severity
     - no_reboot_needed
     - restrict_strategy
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id166" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id166"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A }}
-        mode: 0600
-        path: /etc/audit/rules.d/75-syscall-clock-settime.rules
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday" id="guide-tree-leaf-id167" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_audit_time_rules"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday"><span class="label label-default">Rule</span>  
                                 Record attempts to alter time through settimeofday
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">If the <code>auditd</code> daemon is configured to use the
@@ -20048,7 +20048,21 @@
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80747-9">CCE-80747-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.6</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id168" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id168"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.6</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id168" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id168"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
/usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-cui.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-cui.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-cui.html	2022-07-15 00:00:00.000000000 +0000
@@ -138,17 +138,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id23" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id23"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id24" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id24"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id23" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id23"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id24" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id24"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id25"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -443,17 +443,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id34" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id34"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=crypto-policies
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id35" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id35"><pre><code>
-[[packages]]
-name = "crypto-policies"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id36" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id36"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_crypto-policies
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id35" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id35"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_crypto-policies
 
 class install_crypto-policies {
   package { 'crypto-policies':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id36" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id36"><pre><code>
+[[packages]]
+name = "crypto-policies"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id37" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id37"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure crypto-policies is installed
   package:
     name: crypto-policies
@@ -1048,17 +1048,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id75" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id75"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=sudo
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id76" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id76"><pre><code>
-[[packages]]
-name = "sudo"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id77" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id77"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id76" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id76"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
 
 class install_sudo {
   package { 'sudo':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id77" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id77"><pre><code>
+[[packages]]
+name = "sudo"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id78" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id78"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure sudo is installed
   package:
     name: sudo
@@ -1091,17 +1091,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id81" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id81"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=dnf-plugin-subscription-manager
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id82" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id82"><pre><code>
-[[packages]]
-name = "dnf-plugin-subscription-manager"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id83" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id83"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_dnf-plugin-subscription-manager
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id82" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id82"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_dnf-plugin-subscription-manager
 
 class install_dnf-plugin-subscription-manager {
   package { 'dnf-plugin-subscription-manager':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id83" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id83"><pre><code>
+[[packages]]
+name = "dnf-plugin-subscription-manager"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id84" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id84"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure dnf-plugin-subscription-manager is installed
   package:
     name: dnf-plugin-subscription-manager
@@ -1132,17 +1132,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id87" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id87"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=gnutls-utils
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id88" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id88"><pre><code>
-[[packages]]
-name = "gnutls-utils"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id89" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id89"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_gnutls-utils
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id88" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id88"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_gnutls-utils
 
 class install_gnutls-utils {
   package { 'gnutls-utils':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id89" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id89"><pre><code>
+[[packages]]
+name = "gnutls-utils"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id90" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id90"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure gnutls-utils is installed
   package:
     name: gnutls-utils
@@ -1169,17 +1169,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id93" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id93"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=openscap-scanner
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id94" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id94"><pre><code>
-[[packages]]
-name = "openscap-scanner"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id95" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id95"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_openscap-scanner
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id94" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id94"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_openscap-scanner
 
 class install_openscap-scanner {
   package { 'openscap-scanner':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id95" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id95"><pre><code>
+[[packages]]
+name = "openscap-scanner"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id96" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id96"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure openscap-scanner is installed
   package:
     name: openscap-scanner
@@ -1212,17 +1212,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id99" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id99"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=scap-security-guide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id100" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id100"><pre><code>
-[[packages]]
-name = "scap-security-guide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id101" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id101"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_scap-security-guide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id100" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id100"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_scap-security-guide
 
 class install_scap-security-guide {
   package { 'scap-security-guide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id101" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id101"><pre><code>
+[[packages]]
+name = "scap-security-guide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id102" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id102"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure scap-security-guide is installed
   package:
     name: scap-security-guide
@@ -1251,17 +1251,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id105" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id105"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=subscription-manager
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id106" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id106"><pre><code>
-[[packages]]
-name = "subscription-manager"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id107" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id107"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_subscription-manager
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id106" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id106"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_subscription-manager
 
 class install_subscription-manager {
   package { 'subscription-manager':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id107" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id107"><pre><code>
+[[packages]]
+name = "subscription-manager"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id108" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id108"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure subscription-manager is installed
   package:
     name: subscription-manager
@@ -1712,17 +1712,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id160" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id160"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=dnf-automatic
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id161" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id161"><pre><code>
-[[packages]]
-name = "dnf-automatic"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id162" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id162"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_dnf-automatic
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id161" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id161"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_dnf-automatic
 
 class install_dnf-automatic {
   package { 'dnf-automatic':
     ensure =&gt; 'installed',
/usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-e8.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-e8.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-e8.html	2022-07-15 00:00:00.000000000 +0000
@@ -950,17 +950,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id46" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id46"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rear
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id47" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id47"><pre><code>
-[[packages]]
-name = "rear"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id48" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id48"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rear
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id47" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id47"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rear
 
 class install_rear {
   package { 'rear':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id48" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id48"><pre><code>
+[[packages]]
+name = "rear"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id49" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id49"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rear is installed
   package:
     name: rear
@@ -1566,7 +1566,26 @@
 run commands with the privileges of that account. Accounts with
 empty passwords should never be used in operational environments.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_empty_passwords</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80841-0">CCE-80841-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-08-020331</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-244540r743869_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id69" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id69"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-08-020331</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-244540r743869_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id69" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id69"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/password-auth
+        overwrite: true
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/system-auth
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id70" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id70"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEM_AUTH="/etc/pam.d/system-auth"
@@ -1591,7 +1610,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id70" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id70"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id71" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id71"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
   ansible.builtin.stat:
     path: /usr/bin/authselect
   register: result_authselect_present
@@ -1748,25 +1767,6 @@
     - medium_disruption
     - no_empty_passwords
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id71" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id71"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/password-auth
-        overwrite: true
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/system-auth
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_root_logins" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-restrictions"><td style="padding-left: 76px" id="xccdf_org.ssgproject.content_group_root_logins"><span class="label label-default">Group</span>  
                 Restrict Root Logins
                           <small>Group contains  1 rule</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_root_logins" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_root_logins" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-restrictions"><td style="padding-left: 76px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_root_logins">[ref]</a>  
@@ -8297,7 +8297,21 @@
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_adjtimex</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80745-3">CCE-80745-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.6</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id113" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id113"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.6</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id113" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id113"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20adjtimex%20-k%20audit_time_rules%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20adjtimex%20-k%20audit_time_rules%0A }}
+        mode: 0600
+        path: /etc/audit/rules.d/75-syscall-adjtimex.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id114" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id114"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # Retrieve hardware architecture of the underlying system
@@ -8637,7 +8651,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id114" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id114"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id115" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id115"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -8954,20 +8968,6 @@
     - medium_severity
     - no_reboot_needed
     - restrict_strategy
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id115" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id115"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20adjtimex%20-k%20audit_time_rules%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20adjtimex%20-k%20audit_time_rules%0A }}
-        mode: 0600
-        path: /etc/audit/rules.d/75-syscall-adjtimex.rules
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime" id="guide-tree-leaf-id116" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_audit_time_rules"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime"><span class="label label-default">Rule</span>  
                                 Record Attempts to Alter Time Through clock_settime
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">If the <code>auditd</code> daemon is configured to use the
@@ -8992,7 +8992,21 @@
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80746-1">CCE-80746-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.6</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id117" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id117"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.6</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id117" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id117"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A }}
+        mode: 0600
+        path: /etc/audit/rules.d/75-syscall-clock-settime.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id118" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id118"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # First perform the remediation of the syscall rule
@@ -9320,7 +9334,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id118" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id118"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id119" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id119"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -9630,20 +9644,6 @@
     - medium_severity
     - no_reboot_needed
     - restrict_strategy
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id119" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id119"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A }}
-        mode: 0600
-        path: /etc/audit/rules.d/75-syscall-clock-settime.rules
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday" id="guide-tree-leaf-id120" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_audit_time_rules"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday"><span class="label label-default">Rule</span>  
                                 Record attempts to alter time through settimeofday
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">If the <code>auditd</code> daemon is configured to use the
@@ -9668,7 +9668,21 @@
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80747-9">CCE-80747-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.6</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id121" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id121"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.6</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id121" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id121"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
/usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-hipaa.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-hipaa.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-hipaa.html	2022-07-15 00:00:00.000000000 +0000
@@ -1400,7 +1400,18 @@
 on the machine through valid troubleshooting configurations and gaining root
 access when the system is rebooted.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_debug-shell_disabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80876-6">CCE-80876-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-08-040180</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-230532r627750_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id54" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id54"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-08-040180</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-230532r627750_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id54" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id54"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    systemd:
+      units:
+      - enabled: false
+        name: debug-shell.service
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id55" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id55"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEMCTL_EXEC='/usr/bin/systemctl'
@@ -1420,9 +1431,6 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id55" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id55"><pre><code>
-[customizations.services]
-disabled = ["debug-shell"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id56" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id56"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_debug-shell
 
 class disable_debug-shell {
@@ -1431,7 +1439,10 @@
     ensure =&gt; 'stopped',
   }
 }
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id57" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id57"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service debug-shell
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id57" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id57"><pre><code>
+[customizations.services]
+disabled = ["debug-shell"]
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id58" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id58"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service debug-shell
   block:
 
     - name: Disable service debug-shell
@@ -1495,17 +1506,6 @@
     - medium_severity
     - no_reboot_needed
     - service_debug-shell_disabled
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id58" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id58"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    systemd:
-      units:
-      - enabled: false
-        name: debug-shell.service
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction" id="guide-tree-leaf-id59" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-physical"><td style="padding-left: 76px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction"><span class="label label-default">Rule</span>  
                                 Disable Ctrl-Alt-Del Burst Action
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">By default, <code>SystemD</code> will reboot the system if the <code>Ctrl-Alt-Del</code>
@@ -1524,7 +1524,21 @@
 the case of mixed OS environment, this can create the risk of short-term
 loss of availability of systems due to unintentional reboot.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80784-2">CCE-80784-2</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-08-040172</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-230531r627750_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id60" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id60"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-08-040172</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-230531r627750_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id60" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id60"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,CtrlAltDelBurstAction%3Dnone
+        mode: 0644
+        path: /etc/systemd/system.conf.d/disable_ctrlaltdelete_burstaction.conf
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id61" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id61"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q systemd; then
 
 # Test if the config_file is a symbolic link. If so, use --follow-symlinks with sed.
@@ -1556,7 +1570,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id61" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id61"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id62" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id62"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -1594,20 +1608,6 @@
     - low_complexity
     - low_disruption
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id62" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id62"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,CtrlAltDelBurstAction%3Dnone
-        mode: 0644
-        path: /etc/systemd/system.conf.d/disable_ctrlaltdelete_burstaction.conf
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_reboot" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_reboot" id="guide-tree-leaf-id63" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-physical"><td style="padding-left: 76px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_reboot"><span class="label label-default">Rule</span>  
                                 Disable Ctrl-Alt-Del Reboot Activation
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_reboot">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">By default, <code>SystemD</code> will reboot the system if the <code>Ctrl-Alt-Del</code>
@@ -1626,7 +1626,18 @@
 the case of mixed OS environment, this can create the risk of short-term
 loss of availability of systems due to unintentional reboot.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_reboot</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80785-9">CCE-80785-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-08-040170</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-230529r627750_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id64" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id64"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-08-040170</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-230529r627750_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id64" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id64"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    systemd:
+      units:
+      - name: ctrl-alt-del.target
+        mask: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id65" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id65"><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 systemctl disable --now ctrl-alt-del.target
@@ -1635,7 +1646,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id65" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id65"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable Ctrl-Alt-Del Reboot Activation
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id66" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id66"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable Ctrl-Alt-Del Reboot Activation
   systemd:
     name: ctrl-alt-del.target
     force: true
@@ -1654,17 +1665,6 @@
     - low_complexity
     - low_disruption
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id66" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id66"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    systemd:
-      units:
-      - name: ctrl-alt-del.target
-        mask: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_grub2_disable_interactive_boot" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_grub2_disable_interactive_boot" id="guide-tree-leaf-id67" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-physical"><td style="padding-left: 76px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_grub2_disable_interactive_boot"><span class="label label-default">Rule</span>  
                                 Verify that Interactive Boot is Disabled
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_grub2_disable_interactive_boot">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">Red Hat Enterprise Linux 8 systems support an "interactive boot" option that can
@@ -1899,7 +1899,26 @@
 run commands with the privileges of that account. Accounts with
 empty passwords should never be used in operational environments.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_empty_passwords</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80841-0">CCE-80841-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-08-020331</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-244540r743869_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id74" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id74"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-08-020331</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-244540r743869_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id74" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id74"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/password-auth
+        overwrite: true
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/system-auth
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id75" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id75"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEM_AUTH="/etc/pam.d/system-auth"
@@ -1924,7 +1943,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id75" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id75"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id76" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id76"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
   ansible.builtin.stat:
     path: /usr/bin/authselect
   register: result_authselect_present
@@ -2081,25 +2100,6 @@
/usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-ism_o.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-ism_o.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-ism_o.html	2022-07-15 00:00:00.000000000 +0000
@@ -571,17 +571,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id31" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id31"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id32" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id32"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id33" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id33"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id32" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id32"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id33" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id33"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id34" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id34"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -1029,17 +1029,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id49" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id49"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=sudo
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id50" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id50"><pre><code>
-[[packages]]
-name = "sudo"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id51" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id51"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id50" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id50"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
 
 class install_sudo {
   package { 'sudo':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id51" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id51"><pre><code>
+[[packages]]
+name = "sudo"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id52" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id52"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure sudo is installed
   package:
     name: sudo
@@ -1313,17 +1313,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id64" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id64"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rear
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id65" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id65"><pre><code>
-[[packages]]
-name = "rear"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id66" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id66"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rear
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id65" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id65"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rear
 
 class install_rear {
   package { 'rear':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id66" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id66"><pre><code>
+[[packages]]
+name = "rear"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id67" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id67"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rear is installed
   package:
     name: rear
@@ -4252,7 +4252,26 @@
 run commands with the privileges of that account. Accounts with
 empty passwords should never be used in operational environments.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_empty_passwords</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80841-0">CCE-80841-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-08-020331</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-244540r743869_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id121" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id121"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-08-020331</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-244540r743869_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id121" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id121"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/password-auth
+        overwrite: true
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/system-auth
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id122" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id122"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEM_AUTH="/etc/pam.d/system-auth"
@@ -4277,7 +4296,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id122" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id122"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id123" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id123"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
   ansible.builtin.stat:
     path: /usr/bin/authselect
   register: result_authselect_present
@@ -4434,25 +4453,6 @@
     - medium_disruption
     - no_empty_passwords
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id123" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id123"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/password-auth
-        overwrite: true
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/system-auth
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_root_logins" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-restrictions"><td style="padding-left: 76px" id="xccdf_org.ssgproject.content_group_root_logins"><span class="label label-default">Group</span>  
                 Restrict Root Logins
                           <small>Group contains 2 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_root_logins" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_root_logins" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-restrictions"><td style="padding-left: 76px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_root_logins">[ref]</a>  
@@ -12132,7 +12132,21 @@
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_adjtimex</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80745-3">CCE-80745-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.6</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id171" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id171"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.6</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id171" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id171"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20adjtimex%20-k%20audit_time_rules%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20adjtimex%20-k%20audit_time_rules%0A }}
+        mode: 0600
+        path: /etc/audit/rules.d/75-syscall-adjtimex.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id172" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id172"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # Retrieve hardware architecture of the underlying system
@@ -12472,7 +12486,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id172" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id172"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id173" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id173"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -12789,20 +12803,6 @@
     - medium_severity
     - no_reboot_needed
     - restrict_strategy
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id173" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id173"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20adjtimex%20-k%20audit_time_rules%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20adjtimex%20-k%20audit_time_rules%0A }}
-        mode: 0600
-        path: /etc/audit/rules.d/75-syscall-adjtimex.rules
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime" id="guide-tree-leaf-id174" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_audit_time_rules"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime"><span class="label label-default">Rule</span>  
                                 Record Attempts to Alter Time Through clock_settime
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">If the <code>auditd</code> daemon is configured to use the
@@ -12827,7 +12827,21 @@
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80746-1">CCE-80746-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.6</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id175" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id175"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.6</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id175" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id175"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
/usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-ospp.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-ospp.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-ospp.html	2022-07-15 00:00:00.000000000 +0000
@@ -129,17 +129,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id23" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id23"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id24" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id24"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id23" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id23"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id24" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id24"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id25"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -434,17 +434,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id34" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id34"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=crypto-policies
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id35" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id35"><pre><code>
-[[packages]]
-name = "crypto-policies"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id36" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id36"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_crypto-policies
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id35" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id35"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_crypto-policies
 
 class install_crypto-policies {
   package { 'crypto-policies':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id36" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id36"><pre><code>
+[[packages]]
+name = "crypto-policies"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id37" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id37"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure crypto-policies is installed
   package:
     name: crypto-policies
@@ -1039,17 +1039,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id75" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id75"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=sudo
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id76" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id76"><pre><code>
-[[packages]]
-name = "sudo"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id77" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id77"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id76" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id76"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
 
 class install_sudo {
   package { 'sudo':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id77" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id77"><pre><code>
+[[packages]]
+name = "sudo"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id78" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id78"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure sudo is installed
   package:
     name: sudo
@@ -1082,17 +1082,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id81" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id81"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=dnf-plugin-subscription-manager
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id82" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id82"><pre><code>
-[[packages]]
-name = "dnf-plugin-subscription-manager"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id83" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id83"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_dnf-plugin-subscription-manager
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id82" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id82"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_dnf-plugin-subscription-manager
 
 class install_dnf-plugin-subscription-manager {
   package { 'dnf-plugin-subscription-manager':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id83" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id83"><pre><code>
+[[packages]]
+name = "dnf-plugin-subscription-manager"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id84" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id84"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure dnf-plugin-subscription-manager is installed
   package:
     name: dnf-plugin-subscription-manager
@@ -1123,17 +1123,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id87" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id87"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=gnutls-utils
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id88" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id88"><pre><code>
-[[packages]]
-name = "gnutls-utils"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id89" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id89"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_gnutls-utils
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id88" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id88"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_gnutls-utils
 
 class install_gnutls-utils {
   package { 'gnutls-utils':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id89" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id89"><pre><code>
+[[packages]]
+name = "gnutls-utils"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id90" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id90"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure gnutls-utils is installed
   package:
     name: gnutls-utils
@@ -1160,17 +1160,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id93" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id93"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=openscap-scanner
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id94" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id94"><pre><code>
-[[packages]]
-name = "openscap-scanner"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id95" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id95"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_openscap-scanner
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id94" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id94"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_openscap-scanner
 
 class install_openscap-scanner {
   package { 'openscap-scanner':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id95" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id95"><pre><code>
+[[packages]]
+name = "openscap-scanner"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id96" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id96"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure openscap-scanner is installed
   package:
     name: openscap-scanner
@@ -1203,17 +1203,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id99" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id99"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=scap-security-guide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id100" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id100"><pre><code>
-[[packages]]
-name = "scap-security-guide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id101" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id101"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_scap-security-guide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id100" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id100"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_scap-security-guide
 
 class install_scap-security-guide {
   package { 'scap-security-guide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id101" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id101"><pre><code>
+[[packages]]
+name = "scap-security-guide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id102" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id102"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure scap-security-guide is installed
   package:
     name: scap-security-guide
@@ -1242,17 +1242,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id105" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id105"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=subscription-manager
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id106" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id106"><pre><code>
-[[packages]]
-name = "subscription-manager"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id107" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id107"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_subscription-manager
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id106" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id106"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_subscription-manager
 
 class install_subscription-manager {
   package { 'subscription-manager':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id107" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id107"><pre><code>
+[[packages]]
+name = "subscription-manager"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id108" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id108"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure subscription-manager is installed
   package:
     name: subscription-manager
@@ -1703,17 +1703,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id160" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id160"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=dnf-automatic
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id161" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id161"><pre><code>
-[[packages]]
-name = "dnf-automatic"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id162" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id162"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_dnf-automatic
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id161" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id161"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_dnf-automatic
 
 class install_dnf-automatic {
   package { 'dnf-automatic':
     ensure =&gt; 'installed',
/usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-pci-dss.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-pci-dss.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-pci-dss.html	2022-07-15 00:00:00.000000000 +0000
@@ -437,17 +437,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id28" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id28"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id29" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id29"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id30" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id30"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id29" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id29"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id30" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id30"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id31" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id31"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -4672,17 +4672,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id121" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id121"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=opensc
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id122" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id122"><pre><code>
-[[packages]]
-name = "opensc"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id123" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id123"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_opensc
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id122" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id122"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_opensc
 
 class install_opensc {
   package { 'opensc':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id123" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id123"><pre><code>
+[[packages]]
+name = "opensc"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id124" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id124"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure opensc is installed
   package:
     name: opensc
@@ -4717,17 +4717,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id127" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id127"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=pcsc-lite
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id128" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id128"><pre><code>
-[[packages]]
-name = "pcsc-lite"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id129" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id129"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_pcsc-lite
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id128" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id128"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_pcsc-lite
 
 class install_pcsc-lite {
   package { 'pcsc-lite':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id129" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id129"><pre><code>
+[[packages]]
+name = "pcsc-lite"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id130" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id130"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure pcsc-lite is installed
   package:
     name: pcsc-lite
@@ -4768,10 +4768,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id133" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id133"><pre><code>
-[customizations.services]
-enabled = ["pcscd"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id134" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id134"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_pcscd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id133" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id133"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_pcscd
 
 class enable_pcscd {
   service {'pcscd':
@@ -4779,6 +4776,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id134" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id134"><pre><code>
+[customizations.services]
+enabled = ["pcscd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id135" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id135"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service pcscd
   block:
 
@@ -5301,7 +5301,26 @@
 run commands with the privileges of that account. Accounts with
 empty passwords should never be used in operational environments.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_empty_passwords</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80841-0">CCE-80841-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-08-020331</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-244540r743869_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id152" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id152"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-08-020331</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-244540r743869_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id152" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id152"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/password-auth
+        overwrite: true
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/system-auth
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id153" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id153"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEM_AUTH="/etc/pam.d/system-auth"
@@ -5326,7 +5345,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id153" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id153"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id154" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id154"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
   ansible.builtin.stat:
     path: /usr/bin/authselect
   register: result_authselect_present
@@ -5483,25 +5502,6 @@
     - medium_disruption
     - no_empty_passwords
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id154" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id154"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/password-auth
-        overwrite: true
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/system-auth
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_auditing" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_system"><td style="padding-left: 38px" id="xccdf_org.ssgproject.content_group_auditing"><span class="label label-default">Group</span>  
                 System Accounting with auditd
                           <small>Group contains 9 groups and 57 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_auditing" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_auditing" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_system"><td style="padding-left: 38px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_auditing">[ref]</a>  
@@ -29354,7 +29354,21 @@
 the kernel and potentially introduce malicious code into kernel space. It is important
 to have an audit trail of modules that have been introduced into the kernel.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_delete</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80711-5">CCE-80711-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00216</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000477-GPOS-00222</a>, <a href="">SRG-OS-000477-VMM-001970</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-08-030390</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.15</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-230446r627750_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id228" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id228"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00216</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000477-GPOS-00222</a>, <a href="">SRG-OS-000477-VMM-001970</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-08-030390</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.15</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-230446r627750_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id228" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id228"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20delete_module%20-k%20module-change%0A-a%20always%2Cexit%20-F%20arch%3Db64%20-S%20delete_module%20-k%20module-change%0A
+        mode: 0600
+        path: /etc/audit/rules.d/75-kernel-module-loading-delete.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id229" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id229"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # First perform the remediation of the syscall rule
@@ -29688,7 +29702,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id229" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id229"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id230" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id230"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -30002,20 +30016,6 @@
     - low_disruption
     - medium_severity
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id230" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id230"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
/usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-rht-ccp.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-rht-ccp.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-rht-ccp.html	2022-07-15 00:00:00.000000000 +0000
@@ -125,17 +125,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id23" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id23"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id24" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id24"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id23" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id23"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id24" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id24"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id25"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -3004,7 +3004,26 @@
 run commands with the privileges of that account. Accounts with
 empty passwords should never be used in operational environments.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_empty_passwords</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80841-0">CCE-80841-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-08-020331</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-244540r743869_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id104" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id104"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-08-020331</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-244540r743869_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id104" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id104"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/password-auth
+        overwrite: true
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/system-auth
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id105" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id105"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEM_AUTH="/etc/pam.d/system-auth"
@@ -3029,7 +3048,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id105" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id105"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id106" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id106"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
   ansible.builtin.stat:
     path: /usr/bin/authselect
   register: result_authselect_present
@@ -3186,25 +3205,6 @@
     - medium_disruption
     - no_empty_passwords
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id106" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id106"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/password-auth
-        overwrite: true
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/system-auth
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_root_logins" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-restrictions"><td style="padding-left: 76px" id="xccdf_org.ssgproject.content_group_root_logins"><span class="label label-default">Group</span>  
                 Restrict Root Logins
                           <small>Group contains 2 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_root_logins" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_root_logins" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-restrictions"><td style="padding-left: 76px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_root_logins">[ref]</a>  
@@ -3725,10 +3725,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id124" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id124"><pre><code>
-[customizations.services]
-enabled = ["firewalld"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id125" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id125"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_firewalld
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id124" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id124"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_firewalld
 
 class enable_firewalld {
   service {'firewalld':
@@ -3736,6 +3733,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id125" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id125"><pre><code>
+[customizations.services]
+enabled = ["firewalld"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id126" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id126"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service firewalld
   block:
 
@@ -3822,7 +3822,21 @@
 <pre>install dccp /bin/true</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">Disabling DCCP protects
 the system against exploitation of any flaws in its implementation.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_kernel_module_dccp_disabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80833-7">CCE-80833-7</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.10.1</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001958</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000096-GPOS-00050</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000378-GPOS-00163</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">3.3.1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id129" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id129"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.10.1</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001958</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000096-GPOS-00050</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000378-GPOS-00163</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">3.3.1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id129" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id129"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,install%20dccp%20/bin/true%0A
+        mode: 0644
+        path: /etc/modprobe.d/75-kernel_module_dccp_disabled.conf
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id130" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id130"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 if LC_ALL=C grep -q -m 1 "^install dccp" /etc/modprobe.d/dccp.conf ; then
@@ -3836,7 +3850,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id130" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id130"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Ensure kernel module 'dccp' is disabled
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id131" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id131"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Ensure kernel module 'dccp' is disabled
   lineinfile:
     create: true
     dest: /etc/modprobe.d/dccp.conf
@@ -3856,20 +3870,6 @@
     - medium_disruption
     - medium_severity
     - reboot_required
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id131" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id131"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,install%20dccp%20/bin/true%0A
-        mode: 0644
-        path: /etc/modprobe.d/75-kernel_module_dccp_disabled.conf
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_kernel_module_sctp_disabled" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_kernel_module_sctp_disabled" id="guide-tree-leaf-id132" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_network-uncommon"><td style="padding-left: 76px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_kernel_module_sctp_disabled"><span class="label label-default">Rule</span>  
                                 Disable SCTP Support
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_kernel_module_sctp_disabled">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">The Stream Control Transmission Protocol (SCTP) is a
@@ -3882,7 +3882,21 @@
 <pre>install sctp /bin/true</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">Disabling SCTP protects
 the system against exploitation of any flaws in its implementation.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_kernel_module_sctp_disabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80834-5">CCE-80834-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.10.1</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000381</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000095-GPOS-00049</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-08-040023</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">3.3.2</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-230496r792917_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id133" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id133"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.10.1</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000381</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000095-GPOS-00049</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-08-040023</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">3.3.2</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-230496r792917_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id133" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id133"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,install%20sctp%20/bin/true%0A
+        mode: 0644
+        path: /etc/modprobe.d/75-kernel_module_sctp_disabled.conf
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id134" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id134"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 if LC_ALL=C grep -q -m 1 "^install sctp" /etc/modprobe.d/sctp.conf ; then
@@ -3896,7 +3910,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id134" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id134"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Ensure kernel module 'sctp' is disabled
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id135" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id135"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Ensure kernel module 'sctp' is disabled
   lineinfile:
     create: true
     dest: /etc/modprobe.d/sctp.conf
@@ -3917,20 +3931,6 @@
     - medium_disruption
     - medium_severity
     - reboot_required
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id135" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id135"><pre><code>---
/usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-standard.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-standard.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-standard.html	2022-07-15 00:00:00.000000000 +0000
@@ -1207,7 +1207,26 @@
 run commands with the privileges of that account. Accounts with
 empty passwords should never be used in operational environments.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_empty_passwords</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80841-0">CCE-80841-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-08-020331</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-244540r743869_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id59" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id59"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-08-020331</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-244540r743869_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id59" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id59"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/password-auth
+        overwrite: true
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/system-auth
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id60" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id60"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEM_AUTH="/etc/pam.d/system-auth"
@@ -1232,7 +1251,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id60" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id60"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id61" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id61"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
   ansible.builtin.stat:
     path: /usr/bin/authselect
   register: result_authselect_present
@@ -1389,25 +1408,6 @@
     - medium_disruption
     - no_empty_passwords
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id61" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id61"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/password-auth
-        overwrite: true
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/system-auth
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_accounts-session" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts"><td style="padding-left: 57px" id="xccdf_org.ssgproject.content_group_accounts-session"><span class="label label-default">Group</span>  
                 Secure Session Configuration Files for Login Accounts
                           <small>Group contains  1 group and 1 rule</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_accounts-session" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_accounts-session" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts"><td style="padding-left: 57px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_accounts-session">[ref]</a>  
@@ -16275,7 +16275,21 @@
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_adjtimex</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80745-3">CCE-80745-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.6</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id114" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id114"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.6</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id114" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id114"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20adjtimex%20-k%20audit_time_rules%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20adjtimex%20-k%20audit_time_rules%0A }}
+        mode: 0600
+        path: /etc/audit/rules.d/75-syscall-adjtimex.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id115" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id115"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # Retrieve hardware architecture of the underlying system
@@ -16615,7 +16629,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id115" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id115"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id116" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id116"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -16932,20 +16946,6 @@
     - medium_severity
     - no_reboot_needed
     - restrict_strategy
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id116" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id116"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20adjtimex%20-k%20audit_time_rules%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20adjtimex%20-k%20audit_time_rules%0A }}
-        mode: 0600
-        path: /etc/audit/rules.d/75-syscall-adjtimex.rules
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime" id="guide-tree-leaf-id117" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_audit_time_rules"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime"><span class="label label-default">Rule</span>  
                                 Record Attempts to Alter Time Through clock_settime
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">If the <code>auditd</code> daemon is configured to use the
@@ -16970,7 +16970,21 @@
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80746-1">CCE-80746-1</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.6</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id118" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id118"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.6</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id118" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id118"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A }}
+        mode: 0600
+        path: /etc/audit/rules.d/75-syscall-clock-settime.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id119" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id119"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # First perform the remediation of the syscall rule
@@ -17298,7 +17312,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id119" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id119"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id120" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id120"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -17608,20 +17622,6 @@
     - medium_severity
     - no_reboot_needed
     - restrict_strategy
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id120" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id120"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A }}
-        mode: 0600
-        path: /etc/audit/rules.d/75-syscall-clock-settime.rules
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday" id="guide-tree-leaf-id121" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_audit_time_rules"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday"><span class="label label-default">Rule</span>  
                                 Record attempts to alter time through settimeofday
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">If the <code>auditd</code> daemon is configured to use the
@@ -17646,7 +17646,21 @@
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80747-9">CCE-80747-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.6</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id122" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id122"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.6</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id122" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id122"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20settimeofday%20-k%20audit_time_rules%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20settimeofday%20-k%20audit_time_rules%0A }}
+        mode: 0600
+        path: /etc/audit/rules.d/75-syscall-settimeofday.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id123" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id123"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # Retrieve hardware architecture of the underlying system
@@ -17986,7 +18000,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id123" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id123"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id124" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id124"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
/usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-stig.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-stig.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-stig.html	2022-07-15 00:00:00.000000000 +0000
@@ -133,17 +133,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id23" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id23"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id24" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id24"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id23" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id23"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id24" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id24"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id25"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -4374,17 +4374,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id146" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id146"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rng-tools
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id147" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id147"><pre><code>
-[[packages]]
-name = "rng-tools"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id148" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id148"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rng-tools
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id147" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id147"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rng-tools
 
 class install_rng-tools {
   package { 'rng-tools':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id148" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id148"><pre><code>
+[[packages]]
+name = "rng-tools"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id149" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id149"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rng-tools is installed
   package:
     name: rng-tools
@@ -10127,17 +10127,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id295" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id295"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=tmux
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id296" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id296"><pre><code>
-[[packages]]
-name = "tmux"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id297" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id297"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_tmux
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id296" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id296"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_tmux
 
 class install_tmux {
   package { 'tmux':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id297" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id297"><pre><code>
+[[packages]]
+name = "tmux"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id298" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id298"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure tmux is installed
   package:
     name: tmux
@@ -10315,17 +10315,7 @@
 prevents malicious program running as user
 from lowering security by disabling the screen lock.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">low</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_tmux_in_shells</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-82361-7">CCE-82361-7</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://public.cyber.mil/stigs/cci/">CCI-000056</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_SMF_EXT.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000028-GPOS-00009</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-08-020042</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-230350r627750_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id308" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id308"><pre><code># Remediation is applicable only in certain platforms
-if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
-
-if grep -q 'tmux\s*$' /etc/shells ; then
-	sed -i '/tmux\s*$/d' /etc/shells
-fi
-
-else
-    &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
-fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id309" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id309"><pre><code>---
+            <a href="https://public.cyber.mil/stigs/cci/">CCI-000056</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_SMF_EXT.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000028-GPOS-00009</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-08-020042</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-230350r627750_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id308" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id308"><pre><code>---
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
@@ -10339,6 +10329,16 @@
         mode: 0644
         path: /etc/shells
         overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id309" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id309"><pre><code># Remediation is applicable only in certain platforms
+if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
+
+if grep -q 'tmux\s*$' /etc/shells ; then
+	sed -i '/tmux\s*$/d' /etc/shells
+fi
+
+else
+    &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
+fi
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_smart_card_login" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_screen_locking"><td style="padding-left: 95px" id="xccdf_org.ssgproject.content_group_smart_card_login"><span class="label label-default">Group</span>  
                 Hardware Tokens for Authentication
                           <small>Group contains 2 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_smart_card_login" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_smart_card_login" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_screen_locking"><td style="padding-left: 95px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_smart_card_login">[ref]</a>  
@@ -10375,17 +10375,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id312" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id312"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=opensc
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id313" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id313"><pre><code>
-[[packages]]
-name = "opensc"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id314" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id314"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_opensc
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id313" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id313"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_opensc
 
 class install_opensc {
   package { 'opensc':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id314" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id314"><pre><code>
+[[packages]]
+name = "opensc"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id315" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id315"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure opensc is installed
   package:
     name: opensc
@@ -10431,17 +10431,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id318" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id318"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=openssl-pkcs11
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id319" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id319"><pre><code>
-[[packages]]
-name = "openssl-pkcs11"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id320" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id320"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_openssl-pkcs11
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id319" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id319"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_openssl-pkcs11
 
 class install_openssl-pkcs11 {
   package { 'openssl-pkcs11':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id320" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id320"><pre><code>
+[[packages]]
+name = "openssl-pkcs11"
+version = "*"
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_service_debug-shell_disabled" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_service_debug-shell_disabled" id="guide-tree-leaf-id321" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-physical"><td style="padding-left: 76px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_service_debug-shell_disabled"><span class="label label-default">Rule</span>  
                                 Disable debug-shell SystemD Service
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_service_debug-shell_disabled">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">SystemD's <code>debug-shell</code> service is intended to
@@ -10458,7 +10458,18 @@
 on the machine through valid troubleshooting configurations and gaining root
 access when the system is rebooted.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_debug-shell_disabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80876-6">CCE-80876-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-08-040180</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-230532r627750_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id322" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id322"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-08-040180</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-230532r627750_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id322" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id322"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    systemd:
+      units:
+      - enabled: false
+        name: debug-shell.service
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id323" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id323"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEMCTL_EXEC='/usr/bin/systemctl'
@@ -10478,9 +10489,6 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id323" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id323"><pre><code>
-[customizations.services]
-disabled = ["debug-shell"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id324" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id324"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_debug-shell
 
 class disable_debug-shell {
@@ -10489,7 +10497,10 @@
     ensure =&gt; 'stopped',
   }
 }
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id325" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id325"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service debug-shell
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id325" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id325"><pre><code>
+[customizations.services]
+disabled = ["debug-shell"]
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id326" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id326"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service debug-shell
   block:
 
     - name: Disable service debug-shell
@@ -10553,17 +10564,6 @@
     - medium_severity
     - no_reboot_needed
     - service_debug-shell_disabled
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id326" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id326"><pre><code>---
/usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-stig_gui.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-stig_gui.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhel8-guide-stig_gui.html	2022-07-15 00:00:00.000000000 +0000
@@ -139,17 +139,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id23" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id23"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id24" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id24"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id23" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id23"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id24" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id24"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id25"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -4380,17 +4380,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id146" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id146"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rng-tools
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id147" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id147"><pre><code>
-[[packages]]
-name = "rng-tools"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id148" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id148"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rng-tools
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id147" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id147"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rng-tools
 
 class install_rng-tools {
   package { 'rng-tools':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id148" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id148"><pre><code>
+[[packages]]
+name = "rng-tools"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id149" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id149"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rng-tools is installed
   package:
     name: rng-tools
@@ -10092,17 +10092,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id290" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id290"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=tmux
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id291" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id291"><pre><code>
-[[packages]]
-name = "tmux"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id292" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id292"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_tmux
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id291" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id291"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_tmux
 
 class install_tmux {
   package { 'tmux':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id292" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id292"><pre><code>
+[[packages]]
+name = "tmux"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id293" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id293"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure tmux is installed
   package:
     name: tmux
@@ -10280,17 +10280,7 @@
 prevents malicious program running as user
 from lowering security by disabling the screen lock.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">low</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_tmux_in_shells</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-82361-7">CCE-82361-7</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://public.cyber.mil/stigs/cci/">CCI-000056</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_SMF_EXT.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000028-GPOS-00009</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-08-020042</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-230350r627750_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id303" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id303"><pre><code># Remediation is applicable only in certain platforms
-if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
-
-if grep -q 'tmux\s*$' /etc/shells ; then
-	sed -i '/tmux\s*$/d' /etc/shells
-fi
-
-else
-    &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
-fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id304" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id304"><pre><code>---
+            <a href="https://public.cyber.mil/stigs/cci/">CCI-000056</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_SMF_EXT.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000028-GPOS-00009</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-08-020042</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-230350r627750_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id303" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id303"><pre><code>---
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
@@ -10304,6 +10294,16 @@
         mode: 0644
         path: /etc/shells
         overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id304" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id304"><pre><code># Remediation is applicable only in certain platforms
+if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
+
+if grep -q 'tmux\s*$' /etc/shells ; then
+	sed -i '/tmux\s*$/d' /etc/shells
+fi
+
+else
+    &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
+fi
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_smart_card_login" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_screen_locking"><td style="padding-left: 95px" id="xccdf_org.ssgproject.content_group_smart_card_login"><span class="label label-default">Group</span>  
                 Hardware Tokens for Authentication
                           <small>Group contains 2 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_smart_card_login" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_smart_card_login" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_screen_locking"><td style="padding-left: 95px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_smart_card_login">[ref]</a>  
@@ -10340,17 +10340,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id307" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id307"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=opensc
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id308" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id308"><pre><code>
-[[packages]]
-name = "opensc"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id309" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id309"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_opensc
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id308" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id308"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_opensc
 
 class install_opensc {
   package { 'opensc':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id309" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id309"><pre><code>
+[[packages]]
+name = "opensc"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id310" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id310"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure opensc is installed
   package:
     name: opensc
@@ -10396,17 +10396,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id313" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id313"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=openssl-pkcs11
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id314" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id314"><pre><code>
-[[packages]]
-name = "openssl-pkcs11"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id315" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id315"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_openssl-pkcs11
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id314" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id314"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_openssl-pkcs11
 
 class install_openssl-pkcs11 {
   package { 'openssl-pkcs11':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id315" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id315"><pre><code>
+[[packages]]
+name = "openssl-pkcs11"
+version = "*"
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_service_debug-shell_disabled" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_service_debug-shell_disabled" id="guide-tree-leaf-id316" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-physical"><td style="padding-left: 76px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_service_debug-shell_disabled"><span class="label label-default">Rule</span>  
                                 Disable debug-shell SystemD Service
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_service_debug-shell_disabled">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">SystemD's <code>debug-shell</code> service is intended to
@@ -10423,7 +10423,18 @@
 on the machine through valid troubleshooting configurations and gaining root
 access when the system is rebooted.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_debug-shell_disabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-80876-6">CCE-80876-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-08-040180</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-230532r627750_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id317" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id317"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">RHEL-08-040180</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-230532r627750_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id317" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id317"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    systemd:
+      units:
+      - enabled: false
+        name: debug-shell.service
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id318" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id318"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEMCTL_EXEC='/usr/bin/systemctl'
@@ -10443,9 +10454,6 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id318" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id318"><pre><code>
-[customizations.services]
-disabled = ["debug-shell"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id319" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id319"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_debug-shell
 
 class disable_debug-shell {
@@ -10454,7 +10462,10 @@
     ensure =&gt; 'stopped',
   }
 }
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id320" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id320"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service debug-shell
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id320" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id320"><pre><code>
+[customizations.services]
+disabled = ["debug-shell"]
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id321" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id321"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service debug-shell
   block:
 
     - name: Disable service debug-shell
@@ -10518,17 +10529,6 @@
     - medium_severity
     - no_reboot_needed
     - service_debug-shell_disabled
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id321" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id321"><pre><code>---
/usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-anssi_bp28_enhanced.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-anssi_bp28_enhanced.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-anssi_bp28_enhanced.html	2022-07-15 00:00:00.000000000 +0000
@@ -128,17 +128,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id21" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id21"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id21" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id21"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -431,17 +431,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id49" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id49"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=sudo
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id50" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id50"><pre><code>
-[[packages]]
-name = "sudo"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id51" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id51"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id50" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id50"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
 
 class install_sudo {
   package { 'sudo':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id51" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id51"><pre><code>
+[[packages]]
+name = "sudo"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id52" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id52"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure sudo is installed
   package:
     name: sudo
@@ -774,17 +774,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id73" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id73"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=dnf-automatic
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id74" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id74"><pre><code>
-[[packages]]
-name = "dnf-automatic"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id75" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id75"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_dnf-automatic
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id74" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id74"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_dnf-automatic
 
 class install_dnf-automatic {
   package { 'dnf-automatic':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id75" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id75"><pre><code>
+[[packages]]
+name = "dnf-automatic"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id76" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id76"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure dnf-automatic is installed
   package:
     name: dnf-automatic
@@ -4810,7 +4810,21 @@
 to privileged (root) access via su / sudo. This is required for FISMA Low
 and FISMA Moderate systems.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_direct_root_logins</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-83625-4">CCE-83625-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R19)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.6</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id145" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id145"><pre><code># Remediation is applicable only in certain platforms
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R19)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.6</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id145" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id145"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,
+        mode: 0600
+        path: /etc/securetty
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id146" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id146"><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 echo &gt; /etc/securetty
@@ -4818,7 +4832,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id146" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id146"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Direct root Logins Not Allowed
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id147" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id147"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Direct root Logins Not Allowed
   copy:
     dest: /etc/securetty
     content: ''
@@ -4835,20 +4849,6 @@
     - no_direct_root_logins
     - no_reboot_needed
     - restrict_strategy
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id147" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id147"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,
-        mode: 0600
-        path: /etc/securetty
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_accounts-session" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts"><td style="padding-left: 57px" id="xccdf_org.ssgproject.content_group_accounts-session"><span class="label label-default">Group</span>  
                 Secure Session Configuration Files for Login Accounts
                           <small>Group contains 1 group and 6 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_accounts-session" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_accounts-session" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts"><td style="padding-left: 57px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_accounts-session">[ref]</a>  
@@ -6090,7 +6090,21 @@
 that they fill up the /var/log partition. Valuable logging information could be lost
 if the /var/log partition becomes full.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_ensure_logrotate_activated</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-83993-6">CCE-83993-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R43)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT12(R18)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.7</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id174" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id174"><pre><code># Remediation is applicable only in certain platforms
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R43)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT12(R18)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.7</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id174" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id174"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ %23%20see%20%22man%20logrotate%22%20for%20details%0A%23%20rotate%20log%20files%20daily%0Adaily%0A%0A%23%20keep%204%20weeks%20worth%20of%20backlogs%0Arotate%2030%0A%0A%23%20create%20new%20%28empty%29%20log%20files%20after%20rotating%20old%20ones%0Acreate%0A%0A%23%20use%20date%20as%20a%20suffix%20of%20the%20rotated%20file%0Adateext%0A%0A%23%20uncomment%20this%20if%20you%20want%20your%20log%20files%20compressed%0A%23compress%0A%0A%23%20RPM%20packages%20drop%20log%20rotation%20information%20into%20this%20directory%0Ainclude%20/etc/logrotate.d%0A%0A%23%20system-specific%20logs%20may%20be%20also%20be%20configured%20here. }}
+        mode: 0644
+        path: /etc/logrotate.conf
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id175" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id175"><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 LOGROTATE_CONF_FILE="/etc/logrotate.conf"
@@ -6111,7 +6125,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id175" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id175"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Configure daily log rotation in /etc/logrotate.conf
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id176" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id176"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Configure daily log rotation in /etc/logrotate.conf
   lineinfile:
     create: true
     dest: /etc/logrotate.conf
@@ -6173,20 +6187,6 @@
     - low_disruption
     - medium_severity
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id176" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id176"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,{{ %23%20see%20%22man%20logrotate%22%20for%20details%0A%23%20rotate%20log%20files%20daily%0Adaily%0A%0A%23%20keep%204%20weeks%20worth%20of%20backlogs%0Arotate%2030%0A%0A%23%20create%20new%20%28empty%29%20log%20files%20after%20rotating%20old%20ones%0Acreate%0A%0A%23%20use%20date%20as%20a%20suffix%20of%20the%20rotated%20file%0Adateext%0A%0A%23%20uncomment%20this%20if%20you%20want%20your%20log%20files%20compressed%0A%23compress%0A%0A%23%20RPM%20packages%20drop%20log%20rotation%20information%20into%20this%20directory%0Ainclude%20/etc/logrotate.d%0A%0A%23%20system-specific%20logs%20may%20be%20also%20be%20configured%20here. }}
-        mode: 0644
-        path: /etc/logrotate.conf
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_rsyslog_sending_messages" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_logging"><td style="padding-left: 57px" id="xccdf_org.ssgproject.content_group_rsyslog_sending_messages"><span class="label label-default">Group</span>  
                 Rsyslog Logs Sent To Remote Host
                           <small>Group contains 3 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_rsyslog_sending_messages" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_rsyslog_sending_messages" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_logging"><td style="padding-left: 57px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_rsyslog_sending_messages">[ref]</a>  
@@ -6339,17 +6339,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id184" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id184"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rsyslog-gnutls
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id185" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id185"><pre><code>
-[[packages]]
-name = "rsyslog-gnutls"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id186" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id186"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog-gnutls
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id185" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id185"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog-gnutls
 
 class install_rsyslog-gnutls {
   package { 'rsyslog-gnutls':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id186" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id186"><pre><code>
+[[packages]]
+name = "rsyslog-gnutls"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id187" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id187"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog-gnutls is installed
   package:
     name: rsyslog-gnutls
/usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-anssi_bp28_high.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-anssi_bp28_high.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-anssi_bp28_high.html	2022-07-15 00:00:00.000000000 +0000
@@ -128,17 +128,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id21" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id21"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id21" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id21"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -713,17 +713,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id58" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id58"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=sudo
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id59" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id59"><pre><code>
-[[packages]]
-name = "sudo"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id60" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id60"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id59" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id59"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
 
 class install_sudo {
   package { 'sudo':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id60" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id60"><pre><code>
+[[packages]]
+name = "sudo"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id61" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id61"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure sudo is installed
   package:
     name: sudo
@@ -1056,17 +1056,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id82" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id82"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=dnf-automatic
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id83" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id83"><pre><code>
-[[packages]]
-name = "dnf-automatic"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id84" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id84"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_dnf-automatic
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id83" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id83"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_dnf-automatic
 
 class install_dnf-automatic {
   package { 'dnf-automatic':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id84" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id84"><pre><code>
+[[packages]]
+name = "dnf-automatic"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id85" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id85"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure dnf-automatic is installed
   package:
     name: dnf-automatic
@@ -5092,7 +5092,21 @@
 to privileged (root) access via su / sudo. This is required for FISMA Low
 and FISMA Moderate systems.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_direct_root_logins</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-83625-4">CCE-83625-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R19)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.6</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id154" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id154"><pre><code># Remediation is applicable only in certain platforms
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R19)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.6</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id154" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id154"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,
+        mode: 0600
+        path: /etc/securetty
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id155" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id155"><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 echo &gt; /etc/securetty
@@ -5100,7 +5114,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id155" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id155"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Direct root Logins Not Allowed
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id156" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id156"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Direct root Logins Not Allowed
   copy:
     dest: /etc/securetty
     content: ''
@@ -5117,20 +5131,6 @@
     - no_direct_root_logins
     - no_reboot_needed
     - restrict_strategy
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id156" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id156"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,
-        mode: 0600
-        path: /etc/securetty
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_accounts-session" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts"><td style="padding-left: 57px" id="xccdf_org.ssgproject.content_group_accounts-session"><span class="label label-default">Group</span>  
                 Secure Session Configuration Files for Login Accounts
                           <small>Group contains 1 group and 6 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_accounts-session" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_accounts-session" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts"><td style="padding-left: 57px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_accounts-session">[ref]</a>  
@@ -6420,7 +6420,21 @@
 that they fill up the /var/log partition. Valuable logging information could be lost
 if the /var/log partition becomes full.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_ensure_logrotate_activated</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-83993-6">CCE-83993-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R43)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT12(R18)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.7</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id187" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id187"><pre><code># Remediation is applicable only in certain platforms
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R43)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT12(R18)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.7</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id187" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id187"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ %23%20see%20%22man%20logrotate%22%20for%20details%0A%23%20rotate%20log%20files%20daily%0Adaily%0A%0A%23%20keep%204%20weeks%20worth%20of%20backlogs%0Arotate%2030%0A%0A%23%20create%20new%20%28empty%29%20log%20files%20after%20rotating%20old%20ones%0Acreate%0A%0A%23%20use%20date%20as%20a%20suffix%20of%20the%20rotated%20file%0Adateext%0A%0A%23%20uncomment%20this%20if%20you%20want%20your%20log%20files%20compressed%0A%23compress%0A%0A%23%20RPM%20packages%20drop%20log%20rotation%20information%20into%20this%20directory%0Ainclude%20/etc/logrotate.d%0A%0A%23%20system-specific%20logs%20may%20be%20also%20be%20configured%20here. }}
+        mode: 0644
+        path: /etc/logrotate.conf
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id188" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id188"><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 LOGROTATE_CONF_FILE="/etc/logrotate.conf"
@@ -6441,7 +6455,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id188" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id188"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Configure daily log rotation in /etc/logrotate.conf
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id189" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id189"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Configure daily log rotation in /etc/logrotate.conf
   lineinfile:
     create: true
     dest: /etc/logrotate.conf
@@ -6503,20 +6517,6 @@
     - low_disruption
     - medium_severity
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id189" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id189"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,{{ %23%20see%20%22man%20logrotate%22%20for%20details%0A%23%20rotate%20log%20files%20daily%0Adaily%0A%0A%23%20keep%204%20weeks%20worth%20of%20backlogs%0Arotate%2030%0A%0A%23%20create%20new%20%28empty%29%20log%20files%20after%20rotating%20old%20ones%0Acreate%0A%0A%23%20use%20date%20as%20a%20suffix%20of%20the%20rotated%20file%0Adateext%0A%0A%23%20uncomment%20this%20if%20you%20want%20your%20log%20files%20compressed%0A%23compress%0A%0A%23%20RPM%20packages%20drop%20log%20rotation%20information%20into%20this%20directory%0Ainclude%20/etc/logrotate.d%0A%0A%23%20system-specific%20logs%20may%20be%20also%20be%20configured%20here. }}
-        mode: 0644
-        path: /etc/logrotate.conf
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_rsyslog_sending_messages" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_logging"><td style="padding-left: 57px" id="xccdf_org.ssgproject.content_group_rsyslog_sending_messages"><span class="label label-default">Group</span>  
                 Rsyslog Logs Sent To Remote Host
                           <small>Group contains 3 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_rsyslog_sending_messages" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_rsyslog_sending_messages" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_logging"><td style="padding-left: 57px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_rsyslog_sending_messages">[ref]</a>  
@@ -6669,17 +6669,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id197" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id197"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rsyslog-gnutls
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id198" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id198"><pre><code>
-[[packages]]
-name = "rsyslog-gnutls"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id199" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id199"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog-gnutls
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id198" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id198"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog-gnutls
 
 class install_rsyslog-gnutls {
   package { 'rsyslog-gnutls':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id199" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id199"><pre><code>
+[[packages]]
+name = "rsyslog-gnutls"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id200" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id200"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog-gnutls is installed
   package:
     name: rsyslog-gnutls
/usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-anssi_bp28_intermediary.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-anssi_bp28_intermediary.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-anssi_bp28_intermediary.html	2022-07-15 00:00:00.000000000 +0000
@@ -128,17 +128,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id21" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id21"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id21" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id21"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -431,17 +431,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id49" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id49"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=sudo
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id50" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id50"><pre><code>
-[[packages]]
-name = "sudo"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id51" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id51"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id50" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id50"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
 
 class install_sudo {
   package { 'sudo':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id51" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id51"><pre><code>
+[[packages]]
+name = "sudo"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id52" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id52"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure sudo is installed
   package:
     name: sudo
@@ -774,17 +774,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id73" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id73"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=dnf-automatic
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id74" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id74"><pre><code>
-[[packages]]
-name = "dnf-automatic"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id75" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id75"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_dnf-automatic
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id74" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id74"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_dnf-automatic
 
 class install_dnf-automatic {
   package { 'dnf-automatic':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id75" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id75"><pre><code>
+[[packages]]
+name = "dnf-automatic"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id76" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id76"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure dnf-automatic is installed
   package:
     name: dnf-automatic
@@ -4810,7 +4810,21 @@
 to privileged (root) access via su / sudo. This is required for FISMA Low
 and FISMA Moderate systems.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_direct_root_logins</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-83625-4">CCE-83625-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R19)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.6</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id145" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id145"><pre><code># Remediation is applicable only in certain platforms
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R19)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.6</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.3.3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id145" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id145"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,
+        mode: 0600
+        path: /etc/securetty
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id146" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id146"><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 echo &gt; /etc/securetty
@@ -4818,7 +4832,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id146" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id146"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Direct root Logins Not Allowed
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id147" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id147"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Direct root Logins Not Allowed
   copy:
     dest: /etc/securetty
     content: ''
@@ -4835,20 +4849,6 @@
     - no_direct_root_logins
     - no_reboot_needed
     - restrict_strategy
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id147" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id147"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,
-        mode: 0600
-        path: /etc/securetty
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_accounts-session" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts"><td style="padding-left: 57px" id="xccdf_org.ssgproject.content_group_accounts-session"><span class="label label-default">Group</span>  
                 Secure Session Configuration Files for Login Accounts
                           <small>Group contains 2 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_accounts-session" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_accounts-session" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts"><td style="padding-left: 57px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_accounts-session">[ref]</a>  
@@ -5713,7 +5713,21 @@
 that they fill up the /var/log partition. Valuable logging information could be lost
 if the /var/log partition becomes full.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_ensure_logrotate_activated</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-83993-6">CCE-83993-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R43)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT12(R18)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.7</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id160" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id160"><pre><code># Remediation is applicable only in certain platforms
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R43)</a>, <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">NT12(R18)</a>, <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.7</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id160" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id160"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ %23%20see%20%22man%20logrotate%22%20for%20details%0A%23%20rotate%20log%20files%20daily%0Adaily%0A%0A%23%20keep%204%20weeks%20worth%20of%20backlogs%0Arotate%2030%0A%0A%23%20create%20new%20%28empty%29%20log%20files%20after%20rotating%20old%20ones%0Acreate%0A%0A%23%20use%20date%20as%20a%20suffix%20of%20the%20rotated%20file%0Adateext%0A%0A%23%20uncomment%20this%20if%20you%20want%20your%20log%20files%20compressed%0A%23compress%0A%0A%23%20RPM%20packages%20drop%20log%20rotation%20information%20into%20this%20directory%0Ainclude%20/etc/logrotate.d%0A%0A%23%20system-specific%20logs%20may%20be%20also%20be%20configured%20here. }}
+        mode: 0644
+        path: /etc/logrotate.conf
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id161" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id161"><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 LOGROTATE_CONF_FILE="/etc/logrotate.conf"
@@ -5734,7 +5748,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id161" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id161"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Configure daily log rotation in /etc/logrotate.conf
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id162" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id162"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Configure daily log rotation in /etc/logrotate.conf
   lineinfile:
     create: true
     dest: /etc/logrotate.conf
@@ -5796,20 +5810,6 @@
     - low_disruption
     - medium_severity
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id162" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id162"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,{{ %23%20see%20%22man%20logrotate%22%20for%20details%0A%23%20rotate%20log%20files%20daily%0Adaily%0A%0A%23%20keep%204%20weeks%20worth%20of%20backlogs%0Arotate%2030%0A%0A%23%20create%20new%20%28empty%29%20log%20files%20after%20rotating%20old%20ones%0Acreate%0A%0A%23%20use%20date%20as%20a%20suffix%20of%20the%20rotated%20file%0Adateext%0A%0A%23%20uncomment%20this%20if%20you%20want%20your%20log%20files%20compressed%0A%23compress%0A%0A%23%20RPM%20packages%20drop%20log%20rotation%20information%20into%20this%20directory%0Ainclude%20/etc/logrotate.d%0A%0A%23%20system-specific%20logs%20may%20be%20also%20be%20configured%20here. }}
-        mode: 0644
-        path: /etc/logrotate.conf
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_rsyslog_sending_messages" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_logging"><td style="padding-left: 57px" id="xccdf_org.ssgproject.content_group_rsyslog_sending_messages"><span class="label label-default">Group</span>  
                 Rsyslog Logs Sent To Remote Host
                           <small>Group contains 3 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_rsyslog_sending_messages" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_rsyslog_sending_messages" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_logging"><td style="padding-left: 57px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_rsyslog_sending_messages">[ref]</a>  
@@ -5962,17 +5962,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id170" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id170"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rsyslog-gnutls
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id171" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id171"><pre><code>
-[[packages]]
-name = "rsyslog-gnutls"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id172" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id172"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog-gnutls
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id171" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id171"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog-gnutls
 
 class install_rsyslog-gnutls {
   package { 'rsyslog-gnutls':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id172" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id172"><pre><code>
+[[packages]]
+name = "rsyslog-gnutls"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id173" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id173"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog-gnutls is installed
   package:
     name: rsyslog-gnutls
/usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-anssi_bp28_minimal.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-anssi_bp28_minimal.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-anssi_bp28_minimal.html	2022-07-15 00:00:00.000000000 +0000
@@ -240,17 +240,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id25"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=dnf-automatic
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><pre><code>
-[[packages]]
-name = "dnf-automatic"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id27" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id27"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_dnf-automatic
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_dnf-automatic
 
 class install_dnf-automatic {
   package { 'dnf-automatic':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id27" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id27"><pre><code>
+[[packages]]
+name = "dnf-automatic"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id28" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id28"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure dnf-automatic is installed
   package:
     name: dnf-automatic
@@ -4264,17 +4264,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id97" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id97"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rsyslog
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id98" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id98"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id99" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id99"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id98" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id98"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id99" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id99"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id100" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id100"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
@@ -4308,10 +4308,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id103" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id103"><pre><code>
-[customizations.services]
-enabled = ["rsyslog"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id104" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id104"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id103" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id103"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
 
 class enable_rsyslog {
   service {'rsyslog':
@@ -4319,6 +4316,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id104" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id104"><pre><code>
+[customizations.services]
+enabled = ["rsyslog"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id105" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id105"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service rsyslog
   block:
 
/usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-cis.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-cis.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-cis.html	2022-07-15 00:00:00.000000000 +0000
@@ -124,17 +124,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id21" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id21"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id21" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id21"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -611,17 +611,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id54" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id54"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=sudo
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id55" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id55"><pre><code>
-[[packages]]
-name = "sudo"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id56" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id56"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id55" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id55"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
 
 class install_sudo {
   package { 'sudo':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id56" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id56"><pre><code>
+[[packages]]
+name = "sudo"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id57" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id57"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure sudo is installed
   package:
     name: sudo
@@ -25806,7 +25806,21 @@
 the kernel and potentially introduce malicious code into kernel space. It is important
 to have an audit trail of modules that have been introduced into the kernel.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_delete</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-83802-9">CCE-83802-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00216</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000477-GPOS-00222</a>, <a href="">SRG-OS-000477-VMM-001970</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id232" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id232"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00216</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000477-GPOS-00222</a>, <a href="">SRG-OS-000477-VMM-001970</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id232" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id232"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20delete_module%20-k%20module-change%0A-a%20always%2Cexit%20-F%20arch%3Db64%20-S%20delete_module%20-k%20module-change%0A
+        mode: 0600
+        path: /etc/audit/rules.d/75-kernel-module-loading-delete.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id233" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id233"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # First perform the remediation of the syscall rule
@@ -26140,7 +26154,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id233" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id233"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id234" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id234"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -26442,20 +26456,6 @@
     - low_disruption
     - medium_severity
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id234" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id234"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20delete_module%20-k%20module-change%0A-a%20always%2Cexit%20-F%20arch%3Db64%20-S%20delete_module%20-k%20module-change%0A
-        mode: 0600
-        path: /etc/audit/rules.d/75-kernel-module-loading-delete.rules
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init" id="guide-tree-leaf-id235" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_audit_kernel_module_loading"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init"><span class="label label-default">Rule</span>  
                                 Ensure auditd Collects Information on Kernel Module Loading - init_module
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">To capture kernel module loading events, use following line, setting ARCH to
@@ -26473,7 +26473,21 @@
 the kernel and potentially introduce malicious code into kernel space. It is important
 to have an audit trail of modules that have been introduced into the kernel.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-90835-0">CCE-90835-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00216</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000477-GPOS-00222</a>, <a href="">SRG-OS-000477-VMM-001970</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id236" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id236"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00216</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000477-GPOS-00222</a>, <a href="">SRG-OS-000477-VMM-001970</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id236" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id236"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20init_module%20-k%20module-change%0A-a%20always%2Cexit%20-F%20arch%3Db64%20-S%20init_module%20-k%20module-change%0A
+        mode: 0600
+        path: /etc/audit/rules.d/75-kernel-module-loading-init.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id237" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id237"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # First perform the remediation of the syscall rule
@@ -26807,7 +26821,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id237" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id237"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id238" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id238"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -27117,20 +27131,6 @@
     - low_disruption
     - medium_severity
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id238" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id238"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20init_module%20-k%20module-change%0A-a%20always%2Cexit%20-F%20arch%3Db64%20-S%20init_module%20-k%20module-change%0A
-        mode: 0600
-        path: /etc/audit/rules.d/75-kernel-module-loading-init.rules
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_audit_login_events" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_auditd_configure_rules"><td style="padding-left: 76px" id="xccdf_org.ssgproject.content_group_audit_login_events"><span class="label label-default">Group</span>  
                 Record Attempts to Alter Logon and Logout Events
                           <small>Group contains 2 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_audit_login_events" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_audit_login_events" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_auditd_configure_rules"><td style="padding-left: 76px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_audit_login_events">[ref]</a>  
@@ -27749,7 +27749,21 @@
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_adjtimex</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-83840-9">CCE-83840-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id246" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id246"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id246" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id246"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20adjtimex%20-k%20audit_time_rules%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20adjtimex%20-k%20audit_time_rules%0A }}
+        mode: 0600
+        path: /etc/audit/rules.d/75-syscall-adjtimex.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id247" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id247"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # Retrieve hardware architecture of the underlying system
@@ -28089,7 +28103,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id247" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id247"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id248" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id248"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -28406,20 +28420,6 @@
     - medium_severity
     - no_reboot_needed
     - restrict_strategy
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id248" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id248"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
/usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-cis_server_l1.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-cis_server_l1.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-cis_server_l1.html	2022-07-15 00:00:00.000000000 +0000
@@ -124,17 +124,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id21" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id21"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id21" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id21"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -531,17 +531,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id39" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id39"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=sudo
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id40" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id40"><pre><code>
-[[packages]]
-name = "sudo"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id41" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id41"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id40" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id40"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
 
 class install_sudo {
   package { 'sudo':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id41" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id41"><pre><code>
+[[packages]]
+name = "sudo"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id42" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id42"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure sudo is installed
   package:
     name: sudo
@@ -4611,17 +4611,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id178" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id178"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rsyslog
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id179" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id179"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id180" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id180"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id179" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id179"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id180" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id180"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id181" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id181"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
@@ -4655,10 +4655,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id184" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id184"><pre><code>
-[customizations.services]
-enabled = ["rsyslog"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id185" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id185"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id184" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id184"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
 
 class enable_rsyslog {
   service {'rsyslog':
@@ -4666,6 +4663,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id185" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id185"><pre><code>
+[customizations.services]
+enabled = ["rsyslog"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id186" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id186"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service rsyslog
   block:
 
@@ -4815,17 +4815,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id189" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id189"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=firewalld
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id190" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id190"><pre><code>
-[[packages]]
-name = "firewalld"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id191" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id191"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_firewalld
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id190" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id190"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_firewalld
 
 class install_firewalld {
   package { 'firewalld':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id191" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id191"><pre><code>
+[[packages]]
+name = "firewalld"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id192" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id192"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure firewalld is installed
   package:
     name: firewalld
@@ -4859,10 +4859,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id195" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id195"><pre><code>
-[customizations.services]
-enabled = ["firewalld"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id196" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id196"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_firewalld
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id195" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id195"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_firewalld
 
 class enable_firewalld {
   service {'firewalld':
@@ -4870,6 +4867,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id196" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id196"><pre><code>
+[customizations.services]
+enabled = ["firewalld"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id197" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id197"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service firewalld
   block:
 
@@ -4955,7 +4955,21 @@
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_ra">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">To set the runtime status of the <code>net.ipv6.conf.all.accept_ra</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w net.ipv6.conf.all.accept_ra=0</pre>
 To make sure that the setting is persistent, add the following line to a file in the directory <code>/etc/sysctl.d</code>: <pre>net.ipv6.conf.all.accept_ra = 0</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">An illicit router advertisement message could result in a man-in-the-middle attack.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_ra</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-84120-5">CCE-84120-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.20</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id200" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id200"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.20</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id200" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id200"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,net.ipv6.conf.all.accept_ra%3D0%0A
+        mode: 0644
+        path: /etc/sysctl.d/75-sysctl_net_ipv6_conf_all_accept_ra.conf
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id201" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id201"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 # Comment out any occurrences of net.ipv6.conf.all.accept_ra from /etc/sysctl.d/*.conf files
@@ -5009,7 +5023,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id201" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id201"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: List /etc/sysctl.d/*.conf files
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id202" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id202"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: List /etc/sysctl.d/*.conf files
   find:
     paths:
       - /etc/sysctl.d/
@@ -5077,7 +5091,12 @@
     - medium_severity
     - reboot_required
     - sysctl_net_ipv6_conf_all_accept_ra
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id202" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id202"><pre><code>---
+</code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects" id="guide-tree-leaf-id203" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_configuring_ipv6"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects"><span class="label label-default">Rule</span>  
+                                Disable Accepting ICMP Redirects for All IPv6 Interfaces
+                                  <a class="small" href="#xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">To set the runtime status of the <code>net.ipv6.conf.all.accept_redirects</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w net.ipv6.conf.all.accept_redirects=0</pre>
+To make sure that the setting is persistent, add the following line to a file in the directory <code>/etc/sysctl.d</code>: <pre>net.ipv6.conf.all.accept_redirects = 0</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">An illicit ICMP redirect message could result in a man-in-the-middle attack.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
+            <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-84125-4">CCE-84125-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R22)</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.20</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001551</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6.1(iv)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id204" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id204"><pre><code>---
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
@@ -5087,16 +5106,11 @@
     storage:
       files:
       - contents:
-          source: data:,net.ipv6.conf.all.accept_ra%3D0%0A
+          source: data:,net.ipv6.conf.all.accept_redirects%3D0%0A
         mode: 0644
-        path: /etc/sysctl.d/75-sysctl_net_ipv6_conf_all_accept_ra.conf
+        path: /etc/sysctl.d/75-sysctl_net_ipv6_conf_all_accept_redirects.conf
         overwrite: true
-</code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects" id="guide-tree-leaf-id203" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_configuring_ipv6"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects"><span class="label label-default">Rule</span>  
-                                Disable Accepting ICMP Redirects for All IPv6 Interfaces
-                                  <a class="small" href="#xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">To set the runtime status of the <code>net.ipv6.conf.all.accept_redirects</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w net.ipv6.conf.all.accept_redirects=0</pre>
-To make sure that the setting is persistent, add the following line to a file in the directory <code>/etc/sysctl.d</code>: <pre>net.ipv6.conf.all.accept_redirects = 0</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">An illicit ICMP redirect message could result in a man-in-the-middle attack.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
-            <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-84125-4">CCE-84125-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R22)</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.20</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001551</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6.1(iv)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id204" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id204"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
/usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-cis_workstation_l1.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-cis_workstation_l1.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-cis_workstation_l1.html	2022-07-15 00:00:00.000000000 +0000
@@ -124,17 +124,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id21" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id21"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id21" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id21"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -531,17 +531,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id39" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id39"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=sudo
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id40" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id40"><pre><code>
-[[packages]]
-name = "sudo"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id41" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id41"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id40" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id40"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
 
 class install_sudo {
   package { 'sudo':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id41" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id41"><pre><code>
+[[packages]]
+name = "sudo"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id42" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id42"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure sudo is installed
   package:
     name: sudo
@@ -4611,17 +4611,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id178" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id178"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rsyslog
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id179" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id179"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id180" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id180"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id179" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id179"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id180" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id180"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id181" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id181"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
@@ -4655,10 +4655,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id184" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id184"><pre><code>
-[customizations.services]
-enabled = ["rsyslog"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id185" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id185"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id184" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id184"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
 
 class enable_rsyslog {
   service {'rsyslog':
@@ -4666,6 +4663,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id185" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id185"><pre><code>
+[customizations.services]
+enabled = ["rsyslog"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id186" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id186"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service rsyslog
   block:
 
@@ -4815,17 +4815,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id189" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id189"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=firewalld
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id190" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id190"><pre><code>
-[[packages]]
-name = "firewalld"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id191" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id191"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_firewalld
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id190" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id190"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_firewalld
 
 class install_firewalld {
   package { 'firewalld':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id191" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id191"><pre><code>
+[[packages]]
+name = "firewalld"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id192" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id192"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure firewalld is installed
   package:
     name: firewalld
@@ -4859,10 +4859,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id195" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id195"><pre><code>
-[customizations.services]
-enabled = ["firewalld"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id196" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id196"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_firewalld
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id195" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id195"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_firewalld
 
 class enable_firewalld {
   service {'firewalld':
@@ -4870,6 +4867,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id196" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id196"><pre><code>
+[customizations.services]
+enabled = ["firewalld"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id197" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id197"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service firewalld
   block:
 
@@ -4955,7 +4955,21 @@
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_ra">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">To set the runtime status of the <code>net.ipv6.conf.all.accept_ra</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w net.ipv6.conf.all.accept_ra=0</pre>
 To make sure that the setting is persistent, add the following line to a file in the directory <code>/etc/sysctl.d</code>: <pre>net.ipv6.conf.all.accept_ra = 0</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">An illicit router advertisement message could result in a man-in-the-middle attack.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_ra</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-84120-5">CCE-84120-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.20</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id200" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id200"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.20</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id200" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id200"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,net.ipv6.conf.all.accept_ra%3D0%0A
+        mode: 0644
+        path: /etc/sysctl.d/75-sysctl_net_ipv6_conf_all_accept_ra.conf
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id201" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id201"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 # Comment out any occurrences of net.ipv6.conf.all.accept_ra from /etc/sysctl.d/*.conf files
@@ -5009,7 +5023,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id201" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id201"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: List /etc/sysctl.d/*.conf files
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id202" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id202"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: List /etc/sysctl.d/*.conf files
   find:
     paths:
       - /etc/sysctl.d/
@@ -5077,7 +5091,12 @@
     - medium_severity
     - reboot_required
     - sysctl_net_ipv6_conf_all_accept_ra
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id202" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id202"><pre><code>---
+</code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects" id="guide-tree-leaf-id203" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_configuring_ipv6"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects"><span class="label label-default">Rule</span>  
+                                Disable Accepting ICMP Redirects for All IPv6 Interfaces
+                                  <a class="small" href="#xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">To set the runtime status of the <code>net.ipv6.conf.all.accept_redirects</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w net.ipv6.conf.all.accept_redirects=0</pre>
+To make sure that the setting is persistent, add the following line to a file in the directory <code>/etc/sysctl.d</code>: <pre>net.ipv6.conf.all.accept_redirects = 0</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">An illicit ICMP redirect message could result in a man-in-the-middle attack.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
+            <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-84125-4">CCE-84125-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
+            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R22)</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.20</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001551</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6.1(iv)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id204" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id204"><pre><code>---
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
@@ -5087,16 +5106,11 @@
     storage:
       files:
       - contents:
-          source: data:,net.ipv6.conf.all.accept_ra%3D0%0A
+          source: data:,net.ipv6.conf.all.accept_redirects%3D0%0A
         mode: 0644
-        path: /etc/sysctl.d/75-sysctl_net_ipv6_conf_all_accept_ra.conf
+        path: /etc/sysctl.d/75-sysctl_net_ipv6_conf_all_accept_redirects.conf
         overwrite: true
-</code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects" id="guide-tree-leaf-id203" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_configuring_ipv6"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects"><span class="label label-default">Rule</span>  
-                                Disable Accepting ICMP Redirects for All IPv6 Interfaces
-                                  <a class="small" href="#xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">To set the runtime status of the <code>net.ipv6.conf.all.accept_redirects</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w net.ipv6.conf.all.accept_redirects=0</pre>
-To make sure that the setting is persistent, add the following line to a file in the directory <code>/etc/sysctl.d</code>: <pre>net.ipv6.conf.all.accept_redirects = 0</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">An illicit ICMP redirect message could result in a man-in-the-middle attack.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
-            <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-84125-4">CCE-84125-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://www.ssi.gouv.fr/administration/bonnes-pratiques/">BP28(R22)</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.20</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001551</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6.1(iv)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id204" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id204"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
/usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-cis_workstation_l2.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-cis_workstation_l2.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-cis_workstation_l2.html	2022-07-15 00:00:00.000000000 +0000
@@ -124,17 +124,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id21" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id21"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id21" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id21"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -611,17 +611,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id54" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id54"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=sudo
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id55" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id55"><pre><code>
-[[packages]]
-name = "sudo"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id56" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id56"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id55" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id55"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
 
 class install_sudo {
   package { 'sudo':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id56" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id56"><pre><code>
+[[packages]]
+name = "sudo"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id57" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id57"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure sudo is installed
   package:
     name: sudo
@@ -25806,7 +25806,21 @@
 the kernel and potentially introduce malicious code into kernel space. It is important
 to have an audit trail of modules that have been introduced into the kernel.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_delete</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-83802-9">CCE-83802-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00216</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000477-GPOS-00222</a>, <a href="">SRG-OS-000477-VMM-001970</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id232" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id232"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00216</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000477-GPOS-00222</a>, <a href="">SRG-OS-000477-VMM-001970</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id232" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id232"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20delete_module%20-k%20module-change%0A-a%20always%2Cexit%20-F%20arch%3Db64%20-S%20delete_module%20-k%20module-change%0A
+        mode: 0600
+        path: /etc/audit/rules.d/75-kernel-module-loading-delete.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id233" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id233"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # First perform the remediation of the syscall rule
@@ -26140,7 +26154,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id233" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id233"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id234" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id234"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -26442,20 +26456,6 @@
     - low_disruption
     - medium_severity
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id234" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id234"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20delete_module%20-k%20module-change%0A-a%20always%2Cexit%20-F%20arch%3Db64%20-S%20delete_module%20-k%20module-change%0A
-        mode: 0600
-        path: /etc/audit/rules.d/75-kernel-module-loading-delete.rules
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init" id="guide-tree-leaf-id235" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_audit_kernel_module_loading"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init"><span class="label label-default">Rule</span>  
                                 Ensure auditd Collects Information on Kernel Module Loading - init_module
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">To capture kernel module loading events, use following line, setting ARCH to
@@ -26473,7 +26473,21 @@
 the kernel and potentially introduce malicious code into kernel space. It is important
 to have an audit trail of modules that have been introduced into the kernel.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-90835-0">CCE-90835-0</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00216</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000477-GPOS-00222</a>, <a href="">SRG-OS-000477-VMM-001970</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id236" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id236"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00216</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000477-GPOS-00222</a>, <a href="">SRG-OS-000477-VMM-001970</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id236" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id236"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20init_module%20-k%20module-change%0A-a%20always%2Cexit%20-F%20arch%3Db64%20-S%20init_module%20-k%20module-change%0A
+        mode: 0600
+        path: /etc/audit/rules.d/75-kernel-module-loading-init.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id237" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id237"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # First perform the remediation of the syscall rule
@@ -26807,7 +26821,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id237" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id237"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id238" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id238"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -27117,20 +27131,6 @@
     - low_disruption
     - medium_severity
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id238" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id238"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20init_module%20-k%20module-change%0A-a%20always%2Cexit%20-F%20arch%3Db64%20-S%20init_module%20-k%20module-change%0A
-        mode: 0600
-        path: /etc/audit/rules.d/75-kernel-module-loading-init.rules
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_audit_login_events" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_auditd_configure_rules"><td style="padding-left: 76px" id="xccdf_org.ssgproject.content_group_audit_login_events"><span class="label label-default">Group</span>  
                 Record Attempts to Alter Logon and Logout Events
                           <small>Group contains 2 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_audit_login_events" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_audit_login_events" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_auditd_configure_rules"><td style="padding-left: 76px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_audit_login_events">[ref]</a>  
@@ -27749,7 +27749,21 @@
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_adjtimex</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-83840-9">CCE-83840-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id246" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id246"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id246" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id246"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20adjtimex%20-k%20audit_time_rules%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20adjtimex%20-k%20audit_time_rules%0A }}
+        mode: 0600
+        path: /etc/audit/rules.d/75-syscall-adjtimex.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id247" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id247"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # Retrieve hardware architecture of the underlying system
@@ -28089,7 +28103,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id247" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id247"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id248" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id248"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -28406,20 +28420,6 @@
     - medium_severity
     - no_reboot_needed
     - restrict_strategy
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id248" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id248"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
/usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-cui.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-cui.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-cui.html	2022-07-15 00:00:00.000000000 +0000
@@ -138,17 +138,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id21" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id21"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id21" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id21"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -346,17 +346,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id30" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id30"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=crypto-policies
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id31" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id31"><pre><code>
-[[packages]]
-name = "crypto-policies"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id32" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id32"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_crypto-policies
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id31" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id31"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_crypto-policies
 
 class install_crypto-policies {
   package { 'crypto-policies':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id32" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id32"><pre><code>
+[[packages]]
+name = "crypto-policies"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id33" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id33"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure crypto-policies is installed
   package:
     name: crypto-policies
@@ -832,17 +832,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id68" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id68"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=sudo
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id69" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id69"><pre><code>
-[[packages]]
-name = "sudo"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id70" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id70"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id69" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id69"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
 
 class install_sudo {
   package { 'sudo':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id70" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id70"><pre><code>
+[[packages]]
+name = "sudo"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id71" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id71"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure sudo is installed
   package:
     name: sudo
@@ -879,17 +879,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id74" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id74"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=gnutls-utils
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id75" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id75"><pre><code>
-[[packages]]
-name = "gnutls-utils"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id76" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id76"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_gnutls-utils
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id75" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id75"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_gnutls-utils
 
 class install_gnutls-utils {
   package { 'gnutls-utils':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id76" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id76"><pre><code>
+[[packages]]
+name = "gnutls-utils"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id77" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id77"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure gnutls-utils is installed
   package:
     name: gnutls-utils
@@ -916,17 +916,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id80" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id80"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=openscap-scanner
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id81" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id81"><pre><code>
-[[packages]]
-name = "openscap-scanner"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id82" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id82"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_openscap-scanner
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id81" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id81"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_openscap-scanner
 
 class install_openscap-scanner {
   package { 'openscap-scanner':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id82" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id82"><pre><code>
+[[packages]]
+name = "openscap-scanner"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id83" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id83"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure openscap-scanner is installed
   package:
     name: openscap-scanner
@@ -959,17 +959,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id86" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id86"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=scap-security-guide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id87" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id87"><pre><code>
-[[packages]]
-name = "scap-security-guide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id88" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id88"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_scap-security-guide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id87" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id87"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_scap-security-guide
 
 class install_scap-security-guide {
   package { 'scap-security-guide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id88" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id88"><pre><code>
+[[packages]]
+name = "scap-security-guide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id89" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id89"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure scap-security-guide is installed
   package:
     name: scap-security-guide
@@ -1004,17 +1004,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id92" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id92"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=subscription-manager
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id93" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id93"><pre><code>
-[[packages]]
-name = "subscription-manager"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id94" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id94"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_subscription-manager
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id93" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id93"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_subscription-manager
 
 class install_subscription-manager {
   package { 'subscription-manager':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id94" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id94"><pre><code>
+[[packages]]
+name = "subscription-manager"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id95" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id95"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure subscription-manager is installed
   package:
     name: subscription-manager
@@ -1172,17 +1172,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id112" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id112"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=dnf-automatic
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id113" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id113"><pre><code>
-[[packages]]
-name = "dnf-automatic"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id114" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id114"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_dnf-automatic
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id113" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id113"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_dnf-automatic
 
 class install_dnf-automatic {
   package { 'dnf-automatic':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id114" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id114"><pre><code>
+[[packages]]
+name = "dnf-automatic"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id115" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id115"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure dnf-automatic is installed
   package:
     name: dnf-automatic
@@ -4319,17 +4319,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id173" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id173"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=tmux
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id174" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id174"><pre><code>
-[[packages]]
-name = "tmux"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id175" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id175"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_tmux
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id174" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id174"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_tmux
 
 class install_tmux {
   package { 'tmux':
     ensure =&gt; 'installed',
/usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-e8.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-e8.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-e8.html	2022-07-15 00:00:00.000000000 +0000
@@ -812,17 +812,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id42" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id42"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rear
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id43" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id43"><pre><code>
-[[packages]]
-name = "rear"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id44" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id44"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rear
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id43" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id43"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rear
 
 class install_rear {
   package { 'rear':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id44" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id44"><pre><code>
+[[packages]]
+name = "rear"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id45" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id45"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rear is installed
   package:
     name: rear
@@ -1398,7 +1398,26 @@
 run commands with the privileges of that account. Accounts with
 empty passwords should never be used in operational environments.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_empty_passwords</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-83611-4">CCE-83611-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id64" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id64"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id64" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id64"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/password-auth
+        overwrite: true
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/system-auth
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id65" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id65"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEM_AUTH="/etc/pam.d/system-auth"
@@ -1423,7 +1442,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id65" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id65"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id66" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id66"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
   ansible.builtin.stat:
     path: /usr/bin/authselect
   register: result_authselect_present
@@ -1574,25 +1593,6 @@
     - medium_disruption
     - no_empty_passwords
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id66" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id66"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/password-auth
-        overwrite: true
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/system-auth
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_root_logins" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-restrictions"><td style="padding-left: 76px" id="xccdf_org.ssgproject.content_group_root_logins"><span class="label label-default">Group</span>  
                 Restrict Root Logins
                           <small>Group contains  1 rule</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_root_logins" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_root_logins" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-restrictions"><td style="padding-left: 76px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_root_logins">[ref]</a>  
@@ -8093,7 +8093,21 @@
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_adjtimex</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-83840-9">CCE-83840-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id108" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id108"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id108" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id108"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20adjtimex%20-k%20audit_time_rules%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20adjtimex%20-k%20audit_time_rules%0A }}
+        mode: 0600
+        path: /etc/audit/rules.d/75-syscall-adjtimex.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id109" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id109"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # Retrieve hardware architecture of the underlying system
@@ -8433,7 +8447,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id109" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id109"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id110" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id110"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -8750,20 +8764,6 @@
     - medium_severity
     - no_reboot_needed
     - restrict_strategy
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id110" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id110"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20adjtimex%20-k%20audit_time_rules%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20adjtimex%20-k%20audit_time_rules%0A }}
-        mode: 0600
-        path: /etc/audit/rules.d/75-syscall-adjtimex.rules
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime" id="guide-tree-leaf-id111" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_audit_time_rules"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime"><span class="label label-default">Rule</span>  
                                 Record Attempts to Alter Time Through clock_settime
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">If the <code>auditd</code> daemon is configured to use the
@@ -8788,7 +8788,21 @@
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-83837-5">CCE-83837-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id112" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id112"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id112" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id112"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A }}
+        mode: 0600
+        path: /etc/audit/rules.d/75-syscall-clock-settime.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id113" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id113"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # First perform the remediation of the syscall rule
@@ -9116,7 +9130,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id113" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id113"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id114" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id114"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -9426,20 +9440,6 @@
     - medium_severity
     - no_reboot_needed
     - restrict_strategy
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id114" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id114"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A }}
-        mode: 0600
-        path: /etc/audit/rules.d/75-syscall-clock-settime.rules
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday" id="guide-tree-leaf-id115" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_audit_time_rules"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday"><span class="label label-default">Rule</span>  
                                 Record attempts to alter time through settimeofday
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">If the <code>auditd</code> daemon is configured to use the
@@ -9464,7 +9464,21 @@
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-83836-7">CCE-83836-7</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id116" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id116"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id116" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id116"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
/usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-hipaa.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-hipaa.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-hipaa.html	2022-07-15 00:00:00.000000000 +0000
@@ -1258,7 +1258,18 @@
 on the machine through valid troubleshooting configurations and gaining root
 access when the system is rebooted.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_debug-shell_disabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-90724-6">CCE-90724-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id50" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id50"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id50" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id50"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    systemd:
+      units:
+      - enabled: false
+        name: debug-shell.service
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id51" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id51"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEMCTL_EXEC='/usr/bin/systemctl'
@@ -1278,9 +1289,6 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id51" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id51"><pre><code>
-[customizations.services]
-disabled = ["debug-shell"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id52" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id52"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_debug-shell
 
 class disable_debug-shell {
@@ -1289,7 +1297,10 @@
     ensure =&gt; 'stopped',
   }
 }
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id53" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id53"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service debug-shell
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id53" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id53"><pre><code>
+[customizations.services]
+disabled = ["debug-shell"]
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id54" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id54"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service debug-shell
   block:
 
     - name: Disable service debug-shell
@@ -1350,17 +1361,6 @@
     - medium_severity
     - no_reboot_needed
     - service_debug-shell_disabled
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id54" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id54"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    systemd:
-      units:
-      - enabled: false
-        name: debug-shell.service
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction" id="guide-tree-leaf-id55" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-physical"><td style="padding-left: 76px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction"><span class="label label-default">Rule</span>  
                                 Disable Ctrl-Alt-Del Burst Action
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">By default, <code>SystemD</code> will reboot the system if the <code>Ctrl-Alt-Del</code>
@@ -1379,7 +1379,21 @@
 the case of mixed OS environment, this can create the risk of short-term
 loss of availability of systems due to unintentional reboot.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-90308-8">CCE-90308-8</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id56" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id56"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id56" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id56"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,CtrlAltDelBurstAction%3Dnone
+        mode: 0644
+        path: /etc/systemd/system.conf.d/disable_ctrlaltdelete_burstaction.conf
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id57" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id57"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q systemd; then
 
 # Test if the config_file is a symbolic link. If so, use --follow-symlinks with sed.
@@ -1411,20 +1425,6 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id57" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id57"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,CtrlAltDelBurstAction%3Dnone
-        mode: 0644
-        path: /etc/systemd/system.conf.d/disable_ctrlaltdelete_burstaction.conf
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_reboot" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_reboot" id="guide-tree-leaf-id58" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-physical"><td style="padding-left: 76px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_reboot"><span class="label label-default">Rule</span>  
                                 Disable Ctrl-Alt-Del Reboot Activation
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_reboot">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">By default, <code>SystemD</code> will reboot the system if the <code>Ctrl-Alt-Del</code>
@@ -1443,16 +1443,7 @@
 the case of mixed OS environment, this can create the risk of short-term
 loss of availability of systems due to unintentional reboot.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_reboot</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-86667-3">CCE-86667-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id59" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id59"><pre><code># Remediation is applicable only in certain platforms
-if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
-
-systemctl disable --now ctrl-alt-del.target
-systemctl mask --now ctrl-alt-del.target
-
-else
-    &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
-fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id60" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id60"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+            <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-003-8 R5.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R2.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.1</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R5.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(1)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id59" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id59"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
@@ -1463,6 +1454,15 @@
       units:
       - name: ctrl-alt-del.target
         mask: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id60" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id60"><pre><code># Remediation is applicable only in certain platforms
+if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
+
+systemctl disable --now ctrl-alt-del.target
+systemctl mask --now ctrl-alt-del.target
+
+else
+    &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
+fi
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_grub2_disable_interactive_boot" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_grub2_disable_interactive_boot" id="guide-tree-leaf-id61" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-physical"><td style="padding-left: 76px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_grub2_disable_interactive_boot"><span class="label label-default">Rule</span>  
                                 Verify that Interactive Boot is Disabled
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_grub2_disable_interactive_boot">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">Red Hat Enterprise Linux 9 systems support an "interactive boot" option that can
@@ -1696,7 +1696,26 @@
 run commands with the privileges of that account. Accounts with
 empty passwords should never be used in operational environments.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_empty_passwords</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-83611-4">CCE-83611-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id68" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id68"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id68" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id68"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/password-auth
+        overwrite: true
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/system-auth
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id69" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id69"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEM_AUTH="/etc/pam.d/system-auth"
@@ -1721,7 +1740,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id69" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id69"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id70" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id70"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
   ansible.builtin.stat:
     path: /usr/bin/authselect
   register: result_authselect_present
@@ -1872,25 +1891,6 @@
     - medium_disruption
     - no_empty_passwords
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id70" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id70"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/password-auth
-        overwrite: true
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/system-auth
-        overwrite: true
/usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-ism_o.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-ism_o.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-ism_o.html	2022-07-15 00:00:00.000000000 +0000
@@ -436,17 +436,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id27" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id27"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id28" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id28"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id29" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id29"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id28" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id28"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id29" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id29"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id30" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id30"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -686,17 +686,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id41" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id41"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=sudo
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id42" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id42"><pre><code>
-[[packages]]
-name = "sudo"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id43" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id43"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id42" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id42"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
 
 class install_sudo {
   package { 'sudo':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id43" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id43"><pre><code>
+[[packages]]
+name = "sudo"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id44" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id44"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure sudo is installed
   package:
     name: sudo
@@ -970,17 +970,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id56" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id56"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rear
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id57" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id57"><pre><code>
-[[packages]]
-name = "rear"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id58" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id58"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rear
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id57" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id57"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rear
 
 class install_rear {
   package { 'rear':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id58" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id58"><pre><code>
+[[packages]]
+name = "rear"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id59" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id59"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rear is installed
   package:
     name: rear
@@ -3838,7 +3838,26 @@
 run commands with the privileges of that account. Accounts with
 empty passwords should never be used in operational environments.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_empty_passwords</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-83611-4">CCE-83611-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id112" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id112"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id112" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id112"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/password-auth
+        overwrite: true
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/system-auth
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id113" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id113"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEM_AUTH="/etc/pam.d/system-auth"
@@ -3863,7 +3882,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id113" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id113"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id114" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id114"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
   ansible.builtin.stat:
     path: /usr/bin/authselect
   register: result_authselect_present
@@ -4014,25 +4033,6 @@
     - medium_disruption
     - no_empty_passwords
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id114" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id114"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/password-auth
-        overwrite: true
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/system-auth
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_root_logins" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-restrictions"><td style="padding-left: 76px" id="xccdf_org.ssgproject.content_group_root_logins"><span class="label label-default">Group</span>  
                 Restrict Root Logins
                           <small>Group contains 2 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_root_logins" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_root_logins" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-restrictions"><td style="padding-left: 76px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_root_logins">[ref]</a>  
@@ -11682,7 +11682,21 @@
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_adjtimex</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-83840-9">CCE-83840-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id162" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id162"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id162" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id162"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20adjtimex%20-k%20audit_time_rules%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20adjtimex%20-k%20audit_time_rules%0A }}
+        mode: 0600
+        path: /etc/audit/rules.d/75-syscall-adjtimex.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id163" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id163"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # Retrieve hardware architecture of the underlying system
@@ -12022,7 +12036,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id163" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id163"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id164" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id164"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -12339,20 +12353,6 @@
     - medium_severity
     - no_reboot_needed
     - restrict_strategy
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id164" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id164"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20adjtimex%20-k%20audit_time_rules%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20adjtimex%20-k%20audit_time_rules%0A }}
-        mode: 0600
-        path: /etc/audit/rules.d/75-syscall-adjtimex.rules
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime" id="guide-tree-leaf-id165" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_audit_time_rules"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime"><span class="label label-default">Rule</span>  
                                 Record Attempts to Alter Time Through clock_settime
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">If the <code>auditd</code> daemon is configured to use the
@@ -12377,7 +12377,21 @@
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-83837-5">CCE-83837-5</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id166" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id166"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id166" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id166"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
/usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-ospp.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-ospp.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-ospp.html	2022-07-15 00:00:00.000000000 +0000
@@ -128,17 +128,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id21" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id21"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id21" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id21"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -336,17 +336,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id30" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id30"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=crypto-policies
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id31" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id31"><pre><code>
-[[packages]]
-name = "crypto-policies"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id32" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id32"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_crypto-policies
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id31" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id31"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_crypto-policies
 
 class install_crypto-policies {
   package { 'crypto-policies':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id32" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id32"><pre><code>
+[[packages]]
+name = "crypto-policies"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id33" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id33"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure crypto-policies is installed
   package:
     name: crypto-policies
@@ -822,17 +822,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id68" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id68"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=sudo
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id69" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id69"><pre><code>
-[[packages]]
-name = "sudo"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id70" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id70"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id69" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id69"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
 
 class install_sudo {
   package { 'sudo':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id70" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id70"><pre><code>
+[[packages]]
+name = "sudo"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id71" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id71"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure sudo is installed
   package:
     name: sudo
@@ -869,17 +869,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id74" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id74"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=gnutls-utils
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id75" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id75"><pre><code>
-[[packages]]
-name = "gnutls-utils"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id76" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id76"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_gnutls-utils
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id75" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id75"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_gnutls-utils
 
 class install_gnutls-utils {
   package { 'gnutls-utils':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id76" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id76"><pre><code>
+[[packages]]
+name = "gnutls-utils"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id77" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id77"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure gnutls-utils is installed
   package:
     name: gnutls-utils
@@ -906,17 +906,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id80" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id80"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=openscap-scanner
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id81" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id81"><pre><code>
-[[packages]]
-name = "openscap-scanner"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id82" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id82"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_openscap-scanner
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id81" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id81"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_openscap-scanner
 
 class install_openscap-scanner {
   package { 'openscap-scanner':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id82" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id82"><pre><code>
+[[packages]]
+name = "openscap-scanner"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id83" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id83"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure openscap-scanner is installed
   package:
     name: openscap-scanner
@@ -949,17 +949,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id86" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id86"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=scap-security-guide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id87" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id87"><pre><code>
-[[packages]]
-name = "scap-security-guide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id88" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id88"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_scap-security-guide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id87" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id87"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_scap-security-guide
 
 class install_scap-security-guide {
   package { 'scap-security-guide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id88" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id88"><pre><code>
+[[packages]]
+name = "scap-security-guide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id89" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id89"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure scap-security-guide is installed
   package:
     name: scap-security-guide
@@ -994,17 +994,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id92" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id92"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=subscription-manager
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id93" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id93"><pre><code>
-[[packages]]
-name = "subscription-manager"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id94" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id94"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_subscription-manager
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id93" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id93"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_subscription-manager
 
 class install_subscription-manager {
   package { 'subscription-manager':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id94" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id94"><pre><code>
+[[packages]]
+name = "subscription-manager"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id95" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id95"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure subscription-manager is installed
   package:
     name: subscription-manager
@@ -1162,17 +1162,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id112" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id112"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=dnf-automatic
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id113" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id113"><pre><code>
-[[packages]]
-name = "dnf-automatic"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id114" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id114"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_dnf-automatic
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id113" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id113"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_dnf-automatic
 
 class install_dnf-automatic {
   package { 'dnf-automatic':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id114" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id114"><pre><code>
+[[packages]]
+name = "dnf-automatic"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id115" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id115"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure dnf-automatic is installed
   package:
     name: dnf-automatic
@@ -4309,17 +4309,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id173" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id173"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=tmux
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id174" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id174"><pre><code>
-[[packages]]
-name = "tmux"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id175" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id175"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_tmux
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id174" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id174"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_tmux
 
 class install_tmux {
   package { 'tmux':
     ensure =&gt; 'installed',
/usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-pci-dss.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-pci-dss.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-pci-dss.html	2022-07-15 00:00:00.000000000 +0000
@@ -302,17 +302,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id24" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id24"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id25"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id25"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id27" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id27"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -4476,17 +4476,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id117" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id117"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=opensc
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id118" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id118"><pre><code>
-[[packages]]
-name = "opensc"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id119" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id119"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_opensc
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id118" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id118"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_opensc
 
 class install_opensc {
   package { 'opensc':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id119" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id119"><pre><code>
+[[packages]]
+name = "opensc"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id120" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id120"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure opensc is installed
   package:
     name: opensc
@@ -4520,17 +4520,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id123" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id123"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=pcsc-lite
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id124" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id124"><pre><code>
-[[packages]]
-name = "pcsc-lite"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id125" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id125"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_pcsc-lite
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id124" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id124"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_pcsc-lite
 
 class install_pcsc-lite {
   package { 'pcsc-lite':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id125" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id125"><pre><code>
+[[packages]]
+name = "pcsc-lite"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id126" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id126"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure pcsc-lite is installed
   package:
     name: pcsc-lite
@@ -4571,10 +4571,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id129" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id129"><pre><code>
-[customizations.services]
-enabled = ["pcscd"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id130" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id130"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_pcscd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id129" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id129"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_pcscd
 
 class enable_pcscd {
   service {'pcscd':
@@ -4582,6 +4579,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id130" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id130"><pre><code>
+[customizations.services]
+enabled = ["pcscd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id131" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id131"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service pcscd
   block:
 
@@ -4976,7 +4976,26 @@
 run commands with the privileges of that account. Accounts with
 empty passwords should never be used in operational environments.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_empty_passwords</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-83611-4">CCE-83611-4</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id146" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id146"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id146" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id146"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/password-auth
+        overwrite: true
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/system-auth
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id147" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id147"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEM_AUTH="/etc/pam.d/system-auth"
@@ -5001,7 +5020,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id147" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id147"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id148" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id148"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
   ansible.builtin.stat:
     path: /usr/bin/authselect
   register: result_authselect_present
@@ -5152,25 +5171,6 @@
     - medium_disruption
     - no_empty_passwords
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id148" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id148"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/password-auth
-        overwrite: true
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/system-auth
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_auditing" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_system"><td style="padding-left: 38px" id="xccdf_org.ssgproject.content_group_auditing"><span class="label label-default">Group</span>  
                 System Accounting with auditd
                           <small>Group contains 9 groups and 57 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_auditing" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_auditing" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_system"><td style="padding-left: 38px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_auditing">[ref]</a>  
@@ -28911,7 +28911,21 @@
 the kernel and potentially introduce malicious code into kernel space. It is important
 to have an audit trail of modules that have been introduced into the kernel.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_delete</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-83802-9">CCE-83802-9</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00216</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000477-GPOS-00222</a>, <a href="">SRG-OS-000477-VMM-001970</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id222" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id222"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000172</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1.1.c</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.2.7</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00020</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000462-GPOS-00206</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00215</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000471-GPOS-00216</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000477-GPOS-00222</a>, <a href="">SRG-OS-000477-VMM-001970</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id222" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id222"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20delete_module%20-k%20module-change%0A-a%20always%2Cexit%20-F%20arch%3Db64%20-S%20delete_module%20-k%20module-change%0A
+        mode: 0600
+        path: /etc/audit/rules.d/75-kernel-module-loading-delete.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id223" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id223"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # First perform the remediation of the syscall rule
@@ -29245,7 +29259,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id223" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id223"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id224" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id224"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -29547,20 +29561,6 @@
     - low_disruption
     - medium_severity
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id224" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id224"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
/usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-stig.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-stig.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-stig.html	2022-07-15 00:00:00.000000000 +0000
@@ -134,17 +134,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id21" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id21"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id21" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id21"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -3587,17 +3587,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id124" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id124"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rng-tools
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id125" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id125"><pre><code>
-[[packages]]
-name = "rng-tools"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id126" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id126"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rng-tools
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id125" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id125"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rng-tools
 
 class install_rng-tools {
   package { 'rng-tools':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id126" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id126"><pre><code>
+[[packages]]
+name = "rng-tools"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id127" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id127"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rng-tools is installed
   package:
     name: rng-tools
@@ -8939,17 +8939,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id238" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id238"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=tmux
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id239" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id239"><pre><code>
-[[packages]]
-name = "tmux"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id240" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id240"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_tmux
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id239" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id239"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_tmux
 
 class install_tmux {
   package { 'tmux':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id240" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id240"><pre><code>
+[[packages]]
+name = "tmux"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id241" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id241"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure tmux is installed
   package:
     name: tmux
@@ -9124,17 +9124,7 @@
 prevents malicious program running as user
 from lowering security by disabling the screen lock.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">low</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_tmux_in_shells</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-89538-3">CCE-89538-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://public.cyber.mil/stigs/cci/">CCI-000056</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_SMF_EXT.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000028-GPOS-00009</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id251" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id251"><pre><code># Remediation is applicable only in certain platforms
-if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
-
-if grep -q 'tmux\s*$' /etc/shells ; then
-	sed -i '/tmux\s*$/d' /etc/shells
-fi
-
-else
-    &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
-fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id252" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id252"><pre><code>---
+            <a href="https://public.cyber.mil/stigs/cci/">CCI-000056</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_SMF_EXT.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000028-GPOS-00009</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id251" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id251"><pre><code>---
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
@@ -9148,6 +9138,16 @@
         mode: 0644
         path: /etc/shells
         overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id252" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id252"><pre><code># Remediation is applicable only in certain platforms
+if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
+
+if grep -q 'tmux\s*$' /etc/shells ; then
+	sed -i '/tmux\s*$/d' /etc/shells
+fi
+
+else
+    &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
+fi
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_smart_card_login" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_screen_locking"><td style="padding-left: 95px" id="xccdf_org.ssgproject.content_group_smart_card_login"><span class="label label-default">Group</span>  
                 Hardware Tokens for Authentication
                           <small>Group contains 2 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_smart_card_login" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_smart_card_login" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_screen_locking"><td style="padding-left: 95px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_smart_card_login">[ref]</a>  
@@ -9184,17 +9184,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id255" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id255"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=opensc
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id256" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id256"><pre><code>
-[[packages]]
-name = "opensc"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id257" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id257"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_opensc
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id256" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id256"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_opensc
 
 class install_opensc {
   package { 'opensc':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id257" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id257"><pre><code>
+[[packages]]
+name = "opensc"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id258" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id258"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure opensc is installed
   package:
     name: opensc
@@ -9239,17 +9239,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id261" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id261"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=openssl-pkcs11
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id262" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id262"><pre><code>
-[[packages]]
-name = "openssl-pkcs11"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id263" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id263"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_openssl-pkcs11
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id262" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id262"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_openssl-pkcs11
 
 class install_openssl-pkcs11 {
   package { 'openssl-pkcs11':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id263" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id263"><pre><code>
+[[packages]]
+name = "openssl-pkcs11"
+version = "*"
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_service_debug-shell_disabled" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_service_debug-shell_disabled" id="guide-tree-leaf-id264" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-physical"><td style="padding-left: 76px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_service_debug-shell_disabled"><span class="label label-default">Rule</span>  
                                 Disable debug-shell SystemD Service
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_service_debug-shell_disabled">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">SystemD's <code>debug-shell</code> service is intended to
@@ -9266,7 +9266,18 @@
 on the machine through valid troubleshooting configurations and gaining root
 access when the system is rebooted.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_debug-shell_disabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-90724-6">CCE-90724-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id265" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id265"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id265" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id265"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    systemd:
+      units:
+      - enabled: false
+        name: debug-shell.service
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id266" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id266"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEMCTL_EXEC='/usr/bin/systemctl'
@@ -9286,9 +9297,6 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id266" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id266"><pre><code>
-[customizations.services]
-disabled = ["debug-shell"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id267" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id267"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_debug-shell
 
 class disable_debug-shell {
@@ -9297,7 +9305,10 @@
     ensure =&gt; 'stopped',
   }
 }
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id268" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id268"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service debug-shell
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id268" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id268"><pre><code>
+[customizations.services]
+disabled = ["debug-shell"]
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id269" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id269"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service debug-shell
   block:
 
     - name: Disable service debug-shell
@@ -9358,17 +9369,6 @@
     - medium_severity
     - no_reboot_needed
     - service_debug-shell_disabled
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id269" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id269"><pre><code>---
/usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-stig_gui.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-stig_gui.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhel9-guide-stig_gui.html	2022-07-15 00:00:00.000000000 +0000
@@ -140,17 +140,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id21" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id21"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id21" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id21"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -3593,17 +3593,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id124" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id124"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=rng-tools
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id125" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id125"><pre><code>
-[[packages]]
-name = "rng-tools"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id126" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id126"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rng-tools
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id125" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id125"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rng-tools
 
 class install_rng-tools {
   package { 'rng-tools':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id126" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id126"><pre><code>
+[[packages]]
+name = "rng-tools"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id127" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id127"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rng-tools is installed
   package:
     name: rng-tools
@@ -8945,17 +8945,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id238" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id238"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=tmux
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id239" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id239"><pre><code>
-[[packages]]
-name = "tmux"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id240" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id240"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_tmux
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id239" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id239"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_tmux
 
 class install_tmux {
   package { 'tmux':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id240" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id240"><pre><code>
+[[packages]]
+name = "tmux"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id241" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id241"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure tmux is installed
   package:
     name: tmux
@@ -9130,17 +9130,7 @@
 prevents malicious program running as user
 from lowering security by disabling the screen lock.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">low</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_tmux_in_shells</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-89538-3">CCE-89538-3</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://public.cyber.mil/stigs/cci/">CCI-000056</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_SMF_EXT.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000028-GPOS-00009</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id251" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id251"><pre><code># Remediation is applicable only in certain platforms
-if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
-
-if grep -q 'tmux\s*$' /etc/shells ; then
-	sed -i '/tmux\s*$/d' /etc/shells
-fi
-
-else
-    &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
-fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id252" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id252"><pre><code>---
+            <a href="https://public.cyber.mil/stigs/cci/">CCI-000056</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FMT_SMF_EXT.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000028-GPOS-00009</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id251" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id251"><pre><code>---
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
@@ -9154,6 +9144,16 @@
         mode: 0644
         path: /etc/shells
         overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id252" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id252"><pre><code># Remediation is applicable only in certain platforms
+if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
+
+if grep -q 'tmux\s*$' /etc/shells ; then
+	sed -i '/tmux\s*$/d' /etc/shells
+fi
+
+else
+    &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
+fi
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_smart_card_login" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_screen_locking"><td style="padding-left: 95px" id="xccdf_org.ssgproject.content_group_smart_card_login"><span class="label label-default">Group</span>  
                 Hardware Tokens for Authentication
                           <small>Group contains 2 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_smart_card_login" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_smart_card_login" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_screen_locking"><td style="padding-left: 95px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_smart_card_login">[ref]</a>  
@@ -9190,17 +9190,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id255" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id255"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=opensc
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id256" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id256"><pre><code>
-[[packages]]
-name = "opensc"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id257" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id257"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_opensc
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id256" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id256"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_opensc
 
 class install_opensc {
   package { 'opensc':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id257" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id257"><pre><code>
+[[packages]]
+name = "opensc"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id258" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id258"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure opensc is installed
   package:
     name: opensc
@@ -9245,17 +9245,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id261" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id261"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=openssl-pkcs11
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id262" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id262"><pre><code>
-[[packages]]
-name = "openssl-pkcs11"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id263" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id263"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_openssl-pkcs11
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id262" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id262"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_openssl-pkcs11
 
 class install_openssl-pkcs11 {
   package { 'openssl-pkcs11':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id263" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id263"><pre><code>
+[[packages]]
+name = "openssl-pkcs11"
+version = "*"
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_service_debug-shell_disabled" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_service_debug-shell_disabled" id="guide-tree-leaf-id264" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-physical"><td style="padding-left: 76px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_service_debug-shell_disabled"><span class="label label-default">Rule</span>  
                                 Disable debug-shell SystemD Service
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_service_debug-shell_disabled">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">SystemD's <code>debug-shell</code> service is intended to
@@ -9272,7 +9272,18 @@
 on the machine through valid troubleshooting configurations and gaining root
 access when the system is rebooted.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_debug-shell_disabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span> 
             <abbr title="https://nvd.nist.gov/cce/index.cfm: CCE-90724-6">CCE-90724-6</abbr></p><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id265" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id265"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id265" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id265"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    systemd:
+      units:
+      - enabled: false
+        name: debug-shell.service
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id266" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id266"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEMCTL_EXEC='/usr/bin/systemctl'
@@ -9292,9 +9303,6 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id266" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id266"><pre><code>
-[customizations.services]
-disabled = ["debug-shell"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id267" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id267"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_debug-shell
 
 class disable_debug-shell {
@@ -9303,7 +9311,10 @@
     ensure =&gt; 'stopped',
   }
 }
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id268" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id268"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service debug-shell
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id268" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id268"><pre><code>
+[customizations.services]
+disabled = ["debug-shell"]
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id269" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id269"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service debug-shell
   block:
 
     - name: Disable service debug-shell
@@ -9364,17 +9375,6 @@
     - medium_severity
     - no_reboot_needed
     - service_debug-shell_disabled
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id269" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id269"><pre><code>---
/usr/share/doc/scap-security-guide/guides/ssg-rhv4-guide-pci-dss.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhv4-guide-pci-dss.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhv4-guide-pci-dss.html	2022-07-15 00:00:00.000000000 +0000
@@ -426,17 +426,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id12" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id12"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id13" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id13"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id14" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id14"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id13" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id13"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id14" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id14"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id15" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id15"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -3701,17 +3701,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id85" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id85"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=opensc
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id86" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id86"><pre><code>
-[[packages]]
-name = "opensc"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id87" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id87"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_opensc
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id86" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id86"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_opensc
 
 class install_opensc {
   package { 'opensc':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id87" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id87"><pre><code>
+[[packages]]
+name = "opensc"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id88" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id88"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure opensc is installed
   package:
     name: opensc
@@ -3743,17 +3743,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id91" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id91"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=pcsc-lite
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id92" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id92"><pre><code>
-[[packages]]
-name = "pcsc-lite"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id93" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id93"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_pcsc-lite
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id92" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id92"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_pcsc-lite
 
 class install_pcsc-lite {
   package { 'pcsc-lite':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id93" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id93"><pre><code>
+[[packages]]
+name = "pcsc-lite"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id94" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id94"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure pcsc-lite is installed
   package:
     name: pcsc-lite
@@ -3792,10 +3792,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id97" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id97"><pre><code>
-[customizations.services]
-enabled = ["pcscd"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id98" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id98"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_pcscd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id97" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id97"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_pcscd
 
 class enable_pcscd {
   service {'pcscd':
@@ -3803,6 +3800,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id98" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id98"><pre><code>
+[customizations.services]
+enabled = ["pcscd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id99" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id99"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service pcscd
   block:
 
@@ -4303,7 +4303,26 @@
 a container anyway.</div></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">If an account has an empty password, anyone could log in and
 run commands with the privileges of that account. Accounts with
 empty passwords should never be used in operational environments.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_empty_passwords</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id116" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id116"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id116" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id116"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/password-auth
+        overwrite: true
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/system-auth
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id117" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id117"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEM_AUTH="/etc/pam.d/system-auth"
@@ -4328,7 +4347,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id117" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id117"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id118" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id118"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
   ansible.builtin.stat:
     path: /usr/bin/authselect
   register: result_authselect_present
@@ -4473,25 +4492,6 @@
     - medium_disruption
     - no_empty_passwords
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id118" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id118"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/password-auth
-        overwrite: true
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/system-auth
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_auditing" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_system"><td style="padding-left: 38px" id="xccdf_org.ssgproject.content_group_auditing"><span class="label label-default">Group</span>  
                 System Accounting with auditd
                           <small>Group contains 9 groups and 57 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_auditing" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_auditing" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_system"><td style="padding-left: 38px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_auditing">[ref]</a>  
@@ -37010,17 +37010,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id280" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id280"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=audispd-plugins
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id281" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id281"><pre><code>
-[[packages]]
-name = "audispd-plugins"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id282" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id282"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_audispd-plugins
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id281" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id281"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_audispd-plugins
 
 class install_audispd-plugins {
   package { 'audispd-plugins':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id282" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id282"><pre><code>
+[[packages]]
+name = "audispd-plugins"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id283" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id283"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure audispd-plugins is installed
   package:
     name: audispd-plugins
@@ -37048,7 +37048,18 @@
 Additionally, a properly configured audit subsystem ensures that actions of
 individual system users can be uniquely traced to those users so they
 can be held accountable for their actions.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_auditd_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000131</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000132</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000133</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000134</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000154</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000158</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001464</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001876</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(g)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-4(23)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a>, <a href="">SRG-OS-000037-VMM-000150</a>, <a href="">SRG-OS-000063-VMM-000310</a>, <a href="">SRG-OS-000038-VMM-000160</a>, <a href="">SRG-OS-000039-VMM-000170</a>, <a href="">SRG-OS-000040-VMM-000180</a>, <a href="">SRG-OS-000041-VMM-000190</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id285" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id285"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000131</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000132</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000133</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000134</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000154</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000158</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001464</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001876</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(g)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-4(23)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a>, <a href="">SRG-OS-000037-VMM-000150</a>, <a href="">SRG-OS-000063-VMM-000310</a>, <a href="">SRG-OS-000038-VMM-000160</a>, <a href="">SRG-OS-000039-VMM-000170</a>, <a href="">SRG-OS-000040-VMM-000180</a>, <a href="">SRG-OS-000041-VMM-000190</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id285" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id285"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    systemd:
+      units:
+      - name: auditd.service
+        enabled: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id286" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id286"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ] &amp;&amp; { rpm --quiet -q audit; }; then
 
 SYSTEMCTL_EXEC='/usr/bin/systemctl'
@@ -37059,9 +37070,6 @@
/usr/share/doc/scap-security-guide/guides/ssg-rhv4-guide-rhvh-stig.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhv4-guide-rhvh-stig.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhv4-guide-rhvh-stig.html	2022-07-15 00:00:00.000000000 +0000
@@ -547,17 +547,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id15" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id15"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id16" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id16"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id17" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id17"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id16" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id16"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id17" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id17"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id18" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id18"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -5934,17 +5934,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id156" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id156"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=tmux
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id157" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id157"><pre><code>
-[[packages]]
-name = "tmux"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id158" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id158"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_tmux
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id157" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id157"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_tmux
 
 class install_tmux {
   package { 'tmux':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id158" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id158"><pre><code>
+[[packages]]
+name = "tmux"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id159" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id159"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure tmux is installed
   package:
     name: tmux
@@ -5994,17 +5994,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id162" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id162"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=opensc
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id163" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id163"><pre><code>
-[[packages]]
-name = "opensc"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id164" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id164"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_opensc
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id163" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id163"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_opensc
 
 class install_opensc {
   package { 'opensc':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id164" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id164"><pre><code>
+[[packages]]
+name = "opensc"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id165" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id165"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure opensc is installed
   package:
     name: opensc
@@ -6036,17 +6036,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id168" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id168"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=pcsc-lite
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id169" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id169"><pre><code>
-[[packages]]
-name = "pcsc-lite"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id170" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id170"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_pcsc-lite
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id169" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id169"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_pcsc-lite
 
 class install_pcsc-lite {
   package { 'pcsc-lite':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id170" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id170"><pre><code>
+[[packages]]
+name = "pcsc-lite"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id171" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id171"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure pcsc-lite is installed
   package:
     name: pcsc-lite
@@ -6085,10 +6085,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id174" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id174"><pre><code>
-[customizations.services]
-enabled = ["pcscd"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id175" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id175"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_pcscd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id174" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id174"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_pcscd
 
 class enable_pcscd {
   service {'pcscd':
@@ -6096,6 +6093,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id175" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id175"><pre><code>
+[customizations.services]
+enabled = ["pcscd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id176" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id176"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service pcscd
   block:
 
@@ -6333,7 +6333,18 @@
 <pre>$ sudo systemctl mask --now debug-shell.service</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">This prevents attackers with physical access from trivially bypassing security
 on the machine through valid troubleshooting configurations and gaining root
 access when the system is rebooted.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_debug-shell_disabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id184" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id184"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.4.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id184" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id184"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    systemd:
+      units:
+      - enabled: false
+        name: debug-shell.service
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id185" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id185"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEMCTL_EXEC='/usr/bin/systemctl'
@@ -6353,9 +6364,6 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id185" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id185"><pre><code>
-[customizations.services]
-disabled = ["debug-shell"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id186" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id186"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_debug-shell
 
 class disable_debug-shell {
@@ -6364,7 +6372,10 @@
     ensure =&gt; 'stopped',
   }
 }
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id187" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id187"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service debug-shell
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id187" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id187"><pre><code>
+[customizations.services]
+disabled = ["debug-shell"]
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id188" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id188"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service debug-shell
   block:
 
     - name: Disable service debug-shell
@@ -6422,17 +6433,6 @@
     - medium_severity
     - no_reboot_needed
     - service_debug-shell_disabled
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id188" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id188"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    systemd:
-      units:
-      - enabled: false
-        name: debug-shell.service
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction" id="guide-tree-leaf-id189" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-physical"><td style="padding-left: 76px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction"><span class="label label-default">Rule</span>  
                                 Disable Ctrl-Alt-Del Burst Action
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">By default, <code>SystemD</code> will reboot the system if the <code>Ctrl-Alt-Del</code>
@@ -7268,7 +7268,26 @@
 a container anyway.</div></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">If an account has an empty password, anyone could log in and
 run commands with the privileges of that account. Accounts with
 empty passwords should never be used in operational environments.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_empty_passwords</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id224" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id224"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id224" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id224"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/password-auth
+        overwrite: true
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/system-auth
+        overwrite: true
/usr/share/doc/scap-security-guide/guides/ssg-rhv4-guide-rhvh-vpp.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-rhv4-guide-rhvh-vpp.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-rhv4-guide-rhvh-vpp.html	2022-07-15 00:00:00.000000000 +0000
@@ -4596,17 +4596,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id102" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id102"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=opensc
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id103" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id103"><pre><code>
-[[packages]]
-name = "opensc"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id104" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id104"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_opensc
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id103" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id103"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_opensc
 
 class install_opensc {
   package { 'opensc':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id104" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id104"><pre><code>
+[[packages]]
+name = "opensc"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id105" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id105"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure opensc is installed
   package:
     name: opensc
@@ -4638,17 +4638,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id108" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id108"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=pcsc-lite
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id109" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id109"><pre><code>
-[[packages]]
-name = "pcsc-lite"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id110" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id110"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_pcsc-lite
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id109" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id109"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_pcsc-lite
 
 class install_pcsc-lite {
   package { 'pcsc-lite':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id110" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id110"><pre><code>
+[[packages]]
+name = "pcsc-lite"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id111" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id111"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure pcsc-lite is installed
   package:
     name: pcsc-lite
@@ -4687,10 +4687,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id114" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id114"><pre><code>
-[customizations.services]
-enabled = ["pcscd"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id115" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id115"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_pcscd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id114" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id114"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_pcscd
 
 class enable_pcscd {
   service {'pcscd':
@@ -4698,6 +4695,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id115" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id115"><pre><code>
+[customizations.services]
+enabled = ["pcscd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id116" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id116"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service pcscd
   block:
 
@@ -5427,7 +5427,26 @@
 a container anyway.</div></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">If an account has an empty password, anyone could log in and
 run commands with the privileges of that account. Accounts with
 empty passwords should never be used in operational environments.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_empty_passwords</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id139" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id139"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id139" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id139"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/password-auth
+        overwrite: true
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/system-auth
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id140" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id140"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEM_AUTH="/etc/pam.d/system-auth"
@@ -5452,7 +5471,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id140" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id140"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id141" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id141"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
   ansible.builtin.stat:
     path: /usr/bin/authselect
   register: result_authselect_present
@@ -5597,25 +5616,6 @@
     - medium_disruption
     - no_empty_passwords
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id141" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id141"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/password-auth
-        overwrite: true
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/system-auth
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_root_logins" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-restrictions"><td style="padding-left: 76px" id="xccdf_org.ssgproject.content_group_root_logins"><span class="label label-default">Group</span>  
                 Restrict Root Logins
                           <small>Group contains 5 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_root_logins" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_root_logins" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts-restrictions"><td style="padding-left: 76px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_root_logins">[ref]</a>  
@@ -41813,7 +41813,18 @@
 Additionally, a properly configured audit subsystem ensures that actions of
 individual system users can be uniquely traced to those users so they
 can be held accountable for their actions.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_auditd_enabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000131</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000132</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000133</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000134</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000154</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000158</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001464</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001876</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(g)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-4(23)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a>, <a href="">SRG-OS-000037-VMM-000150</a>, <a href="">SRG-OS-000063-VMM-000310</a>, <a href="">SRG-OS-000038-VMM-000160</a>, <a href="">SRG-OS-000039-VMM-000170</a>, <a href="">SRG-OS-000040-VMM-000180</a>, <a href="">SRG-OS-000041-VMM-000190</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id336" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id336"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.3.6</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000126</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000130</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000131</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000132</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000133</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000134</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000135</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000154</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000158</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001464</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001814</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001876</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002884</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iv)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-004-6 R3.3</a>, <a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">CIP-007-3 R6.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-2(g)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-3</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-14(1)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">SI-4(23)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FAU_GEN.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.1</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000062-GPOS-00031</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000037-GPOS-00015</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000038-GPOS-00016</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000039-GPOS-00017</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000040-GPOS-00018</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000041-GPOS-00019</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000042-GPOS-00021</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000051-GPOS-00024</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000054-GPOS-00025</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000122-GPOS-00063</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000254-GPOS-00095</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000255-GPOS-00096</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000337-GPOS-00129</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000348-GPOS-00136</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000349-GPOS-00137</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000350-GPOS-00138</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000351-GPOS-00139</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000352-GPOS-00140</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000353-GPOS-00141</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000354-GPOS-00142</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000358-GPOS-00145</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000365-GPOS-00152</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000392-GPOS-00172</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000475-GPOS-00220</a>, <a href="">SRG-OS-000037-VMM-000150</a>, <a href="">SRG-OS-000063-VMM-000310</a>, <a href="">SRG-OS-000038-VMM-000160</a>, <a href="">SRG-OS-000039-VMM-000170</a>, <a href="">SRG-OS-000040-VMM-000180</a>, <a href="">SRG-OS-000041-VMM-000190</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id336" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id336"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    systemd:
+      units:
+      - name: auditd.service
+        enabled: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id337" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id337"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ] &amp;&amp; { rpm --quiet -q audit; }; then
 
 SYSTEMCTL_EXEC='/usr/bin/systemctl'
@@ -41824,9 +41835,6 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id337" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id337"><pre><code>
-[customizations.services]
-enabled = ["auditd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id338" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id338"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
 
 class enable_auditd {
@@ -41835,7 +41843,10 @@
     ensure =&gt; 'running',
   }
 }
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id339" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id339"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id339" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id339"><pre><code>
+[customizations.services]
+enabled = ["auditd"]
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id340" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id340"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -41899,17 +41910,6 @@
     - medium_severity
     - no_reboot_needed
     - service_auditd_enabled
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id340" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id340"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    systemd:
-      units:
-      - name: auditd.service
-        enabled: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_grub2_audit_argument" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_grub2_audit_argument" id="guide-tree-leaf-id341" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_auditing"><td style="padding-left: 57px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_grub2_audit_argument"><span class="label label-default">Rule</span>  
                                 Enable Auditing for Processes Which Start Prior to the Audit Daemon
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_grub2_audit_argument">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">To ensure all processes can be audited, even those which start
@@ -42095,10 +42095,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id349" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id349"><pre><code>
-[customizations.services]
-disabled = ["bluetooth"]
/usr/share/doc/scap-security-guide/guides/ssg-sl7-guide-pci-dss.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-sl7-guide-pci-dss.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-sl7-guide-pci-dss.html	2022-07-15 00:00:00.000000000 +0000
@@ -443,17 +443,17 @@
 fi
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id11" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Anaconda snippet ⇲</a><br><div class="panel-collapse collapse" id="id11"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 package --add=aide
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id12" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id12"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id13" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id13"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id12" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id12"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id13" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id13"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id14" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id14"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -4542,7 +4542,26 @@
 a container anyway.</div></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">If an account has an empty password, anyone could log in and
 run commands with the privileges of that account. Accounts with
 empty passwords should never be used in operational environments.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_empty_passwords</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-204424r809187_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id96" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id96"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-204424r809187_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id96" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id96"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/password-auth
+        overwrite: true
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/system-auth
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id97" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id97"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEM_AUTH="/etc/pam.d/system-auth"
@@ -4567,7 +4586,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id97" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id97"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id98" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id98"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
   ansible.builtin.stat:
     path: /usr/bin/authselect
   register: result_authselect_present
@@ -4718,25 +4737,6 @@
     - medium_disruption
     - no_empty_passwords
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id98" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id98"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/password-auth
-        overwrite: true
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/system-auth
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_auditing" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_system"><td style="padding-left: 38px" id="xccdf_org.ssgproject.content_group_auditing"><span class="label label-default">Group</span>  
                 System Accounting with auditd
                           <small>Group contains 9 groups and 41 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_auditing" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_auditing" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_system"><td style="padding-left: 38px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_auditing">[ref]</a>  
@@ -16382,7 +16382,21 @@
 nefarious activities in log files, as well as to confuse network services that
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_adjtimex</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id151" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id151"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id151" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id151"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20adjtimex%20-k%20audit_time_rules%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20adjtimex%20-k%20audit_time_rules%0A }}
+        mode: 0600
+        path: /etc/audit/rules.d/75-syscall-adjtimex.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id152" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id152"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # Retrieve hardware architecture of the underlying system
@@ -16722,7 +16736,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id152" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id152"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id153" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id153"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -17035,20 +17049,6 @@
     - medium_severity
     - no_reboot_needed
     - restrict_strategy
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id153" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id153"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20adjtimex%20-k%20audit_time_rules%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20adjtimex%20-k%20audit_time_rules%0A }}
-        mode: 0600
-        path: /etc/audit/rules.d/75-syscall-adjtimex.rules
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime" id="guide-tree-leaf-id154" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_audit_time_rules"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime"><span class="label label-default">Rule</span>  
                                 Record Attempts to Alter Time Through clock_settime
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">If the <code>auditd</code> daemon is configured to use the
@@ -17072,7 +17072,21 @@
 nefarious activities in log files, as well as to confuse network services that
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id155" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id155"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id155" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id155"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A }}
+        mode: 0600
+        path: /etc/audit/rules.d/75-syscall-clock-settime.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id156" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id156"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # First perform the remediation of the syscall rule
@@ -17400,7 +17414,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id156" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id156"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id157" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id157"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -17706,20 +17720,6 @@
     - medium_severity
     - no_reboot_needed
     - restrict_strategy
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id157" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id157"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A }}
-        mode: 0600
-        path: /etc/audit/rules.d/75-syscall-clock-settime.rules
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday" id="guide-tree-leaf-id158" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_audit_time_rules"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday"><span class="label label-default">Rule</span>  
                                 Record attempts to alter time through settimeofday
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">If the <code>auditd</code> daemon is configured to use the
@@ -17743,7 +17743,21 @@
 nefarious activities in log files, as well as to confuse network services that
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id159" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id159"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id159" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id159"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
/usr/share/doc/scap-security-guide/guides/ssg-sl7-guide-standard.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-sl7-guide-standard.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-sl7-guide-standard.html	2022-07-15 00:00:00.000000000 +0000
@@ -848,7 +848,26 @@
 a container anyway.</div></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">If an account has an empty password, anyone could log in and
 run commands with the privileges of that account. Accounts with
 empty passwords should never be used in operational environments.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">high</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_no_empty_passwords</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-204424r809187_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id25"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">18</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.5.2</a>, <a href="https://www.isaca.org/resources/cobit">APO01.06</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.10</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.10</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.1</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.5</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(B)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(7)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(ii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(a)(2)(iii)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(c)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(1)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.310(d)(2)(iii)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.iso.org/standard/54534.html">A.10.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.11.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.18.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.6.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.7.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.7.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.8.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.9.3.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.4.5</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(1)(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">IA-5(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-6</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.DS-5</a>, <a href="https://www.niap-ccevs.org/Profile/PP.cfm">FIA_UAU.1</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-8.2.3</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://public.cyber.mil/stigs/srg-stig-tools/">SV-204424r809187_rule</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id25"><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/password-auth
+        overwrite: true
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/system-auth
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id26"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEM_AUTH="/etc/pam.d/system-auth"
@@ -873,7 +892,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id27" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id27"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Strategy:</th><td>configure</td></tr></table><pre><code>- name: Check if system relies on authselect
   ansible.builtin.stat:
     path: /usr/bin/authselect
   register: result_authselect_present
@@ -1024,25 +1043,6 @@
     - medium_disruption
     - no_empty_passwords
     - no_reboot_needed
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id27" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id27"><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/password-auth
-        overwrite: true
-      - contents:
-          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
-        mode: 0644
-        path: /etc/pam.d/system-auth
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_accounts-session" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts"><td style="padding-left: 57px" id="xccdf_org.ssgproject.content_group_accounts-session"><span class="label label-default">Group</span>  
                 Secure Session Configuration Files for Login Accounts
                           <small>Group contains  1 group and 1 rule</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_accounts-session" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_accounts-session" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_accounts"><td style="padding-left: 57px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_accounts-session">[ref]</a>  
@@ -12332,7 +12332,21 @@
 nefarious activities in log files, as well as to confuse network services that
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_adjtimex</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id80" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id80"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id80" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id80"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20adjtimex%20-k%20audit_time_rules%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20adjtimex%20-k%20audit_time_rules%0A }}
+        mode: 0600
+        path: /etc/audit/rules.d/75-syscall-adjtimex.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id81" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id81"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # Retrieve hardware architecture of the underlying system
@@ -12672,7 +12686,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id81" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id81"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id82" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id82"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -12985,20 +12999,6 @@
     - medium_severity
     - no_reboot_needed
     - restrict_strategy
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id82" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id82"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20adjtimex%20-k%20audit_time_rules%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20adjtimex%20-k%20audit_time_rules%0A }}
-        mode: 0600
-        path: /etc/audit/rules.d/75-syscall-adjtimex.rules
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime" id="guide-tree-leaf-id83" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_audit_time_rules"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime"><span class="label label-default">Rule</span>  
                                 Record Attempts to Alter Time Through clock_settime
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">If the <code>auditd</code> daemon is configured to use the
@@ -13022,7 +13022,21 @@
 nefarious activities in log files, as well as to confuse network services that
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id84" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id84"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id84" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id84"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A }}
+        mode: 0600
+        path: /etc/audit/rules.d/75-syscall-clock-settime.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id85" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id85"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # First perform the remediation of the syscall rule
@@ -13350,7 +13364,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id85" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id85"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id86" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id86"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
   tags:
@@ -13656,20 +13670,6 @@
     - medium_severity
     - no_reboot_needed
     - restrict_strategy
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id86" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id86"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    storage:
-      files:
-      - contents:
-          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20clock_settime%20-F%20a0%3D0x0%20-k%20time-change%0A }}
-        mode: 0600
-        path: /etc/audit/rules.d/75-syscall-clock-settime.rules
-        overwrite: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday" id="guide-tree-leaf-id87" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_audit_time_rules"><td style="padding-left: 95px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday"><span class="label label-default">Rule</span>  
                                 Record attempts to alter time through settimeofday
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">If the <code>auditd</code> daemon is configured to use the
@@ -13693,7 +13693,21 @@
 nefarious activities in log files, as well as to confuse network services that
 are highly dependent upon an accurate system time (such as sshd). All changes
 to the system time should be audited.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id88" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id88"><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">1</a>, <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">12</a>, <a href="https://www.cisecurity.org/controls/">13</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">15</a>, <a href="https://www.cisecurity.org/controls/">16</a>, <a href="https://www.cisecurity.org/controls/">19</a>, <a href="https://www.cisecurity.org/controls/">2</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">4</a>, <a href="https://www.cisecurity.org/controls/">5</a>, <a href="https://www.cisecurity.org/controls/">6</a>, <a href="https://www.cisecurity.org/controls/">7</a>, <a href="https://www.cisecurity.org/controls/">8</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">5.4.1.1</a>, <a href="https://www.isaca.org/resources/cobit">APO10.01</a>, <a href="https://www.isaca.org/resources/cobit">APO10.03</a>, <a href="https://www.isaca.org/resources/cobit">APO10.04</a>, <a href="https://www.isaca.org/resources/cobit">APO10.05</a>, <a href="https://www.isaca.org/resources/cobit">APO11.04</a>, <a href="https://www.isaca.org/resources/cobit">APO12.06</a>, <a href="https://www.isaca.org/resources/cobit">APO13.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI03.05</a>, <a href="https://www.isaca.org/resources/cobit">BAI08.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS01.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS02.07</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.01</a>, <a href="https://www.isaca.org/resources/cobit">DSS03.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.03</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.04</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.07</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.01</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.02</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.03</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.04</a>, <a href="https://www.isaca.org/resources/cobit">MEA01.05</a>, <a href="https://www.isaca.org/resources/cobit">MEA02.01</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">3.1.7</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001487</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000169</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(1)(ii)(D)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(3)(ii)(A)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.308(a)(5)(ii)(C)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(a)(2)(i)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(b)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(d)</a>, <a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">164.312(e)</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.2.3.10</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.2.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.3.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.4.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.4.2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 3.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 4.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 5.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 6.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.11.2.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.3</a>, <a href="https://www.iso.org/standard/54534.html">A.12.4.4</a>, <a href="https://www.iso.org/standard/54534.html">A.12.7.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.1.1</a>, <a href="https://www.iso.org/standard/54534.html">A.13.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.14.1.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.7</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.15.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.4</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.5</a>, <a href="https://www.iso.org/standard/54534.html">A.16.1.7</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.1</a>, <a href="https://www.iso.org/standard/54534.html">A.6.2.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-2(d)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AC-6(9)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.AE-5</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">DE.CM-7</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">ID.SC-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.AC-3</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-4</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">RS.AN-4</a>, <a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">Req-10.4.2.b</a>, <a href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.1.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id88" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id88"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,{{ -a%20always%2Cexit%20-F%20arch%3Db64%20-S%20settimeofday%20-k%20audit_time_rules%0A-a%20always%2Cexit%20-F%20arch%3Db32%20-S%20settimeofday%20-k%20audit_time_rules%0A }}
+        mode: 0600
+        path: /etc/audit/rules.d/75-syscall-settimeofday.rules
+        overwrite: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id89" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id89"><pre><code># Remediation is applicable only in certain platforms
 if rpm --quiet -q audit; then
 
 # Retrieve hardware architecture of the underlying system
@@ -14033,7 +14047,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id89" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id89"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id90" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id90"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>restrict</td></tr></table><pre><code>- name: Gather the package facts
/usr/share/doc/scap-security-guide/tables/table-ol7-anssirefs.html differs (HTML document, UTF-8 Unicode text)
--- old//usr/share/doc/scap-security-guide/tables/table-ol7-anssirefs.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/tables/table-ol7-anssirefs.html	2022-07-15 00:00:00.000000000 +0000
@@ -42,35 +42,73 @@
   <td>Rationale</td>
 </thead>
 <tr>
-  <td>BP28(R1)<br/>NT007(R03)</td>
-  <td>Uninstall the telnet server</td>
+  <td>BP28(R1)</td>
+  <td>Uninstall telnet-server Package</td>
   <td xml:lang="en-US">
-The telnet daemon should be uninstalled.
+The <code>telnet-server</code> package can be removed with the following command:
+<pre>
+$ sudo yum erase telnet-server</pre>
   </td>
   <td xml:lang="en-US">
-<tt>telnet</tt> allows clear text communications, and does not protect
-any data transmission between client and server. Any confidential data
-can be listened and no integrity checking is made.'
+It is detrimental for operating systems to provide, or install by default,
+functionality exceeding requirements or mission objectives. These
+unnecessary capabilities are often overlooked and therefore may remain
+unsecure. They increase the risk to the platform by providing additional
+attack vectors.
+<br />
+The telnet service provides an unencrypted remote access service which does
+not provide for the confidentiality and integrity of user passwords or the
+remote session. If a privileged user were to login using this service, the
+privileged user password could be compromised.
+<br />
+Removing the <tt>telnet-server</tt> package decreases the risk of the
+telnet service's accidental (or intentional) activation.
   </td>
 </tr>
 <tr>
   <td>BP28(R1)</td>
-  <td>Uninstall rsh Package</td>
+  <td>Uninstall ypserv Package</td>
   <td xml:lang="en-US">
-
-The <tt>rsh</tt> package contains the client commands
-
-for the rsh services
+The <code>ypserv</code> package can be removed with the following command:
+<pre>
+$ sudo yum erase ypserv</pre>
   </td>
   <td xml:lang="en-US">
-These legacy clients contain numerous security exposures and have
-been replaced with the more secure SSH package. Even if the server is removed,
-it is best to ensure the clients are also removed to prevent users from
-inadvertently attempting to use these commands and therefore exposing
-
-their credentials. Note that removing the <tt>rsh</tt> package removes
+The NIS service provides an unencrypted authentication service which does
+not provide for the confidentiality and integrity of user passwords or the
+remote session.
 
-the clients for <tt>rsh</tt>,<tt>rcp</tt>, and <tt>rlogin</tt>.
+Removing the <tt>ypserv</tt> package decreases the risk of the accidental
+(or intentional) activation of NIS or NIS+ services.
+  </td>
+</tr>
+<tr>
+  <td>BP28(R1)</td>
+  <td>Uninstall rsh-server Package</td>
+  <td xml:lang="en-US">
+The <code>rsh-server</code> package can be removed with the following command:
+<pre>
+$ sudo yum erase rsh-server</pre>
+  </td>
+  <td xml:lang="en-US">
+The <tt>rsh-server</tt> service provides unencrypted remote access service which does not
+provide for the confidentiality and integrity of user passwords or the remote session and has very weak
+authentication. If a privileged user were to login using this service, the privileged user password
+could be compromised. The <tt>rsh-server</tt> package provides several obsolete and insecure
+network services. Removing it decreases the risk of those services' accidental (or intentional)
+activation.
+  </td>
+</tr>
+<tr>
+  <td>BP28(R1)<br/>NT007(R03)</td>
+  <td>Uninstall the telnet server</td>
+  <td xml:lang="en-US">
+The telnet daemon should be uninstalled.
+  </td>
+  <td xml:lang="en-US">
+<tt>telnet</tt> allows clear text communications, and does not protect
+any data transmission between client and server. Any confidential data
+can be listened and no integrity checking is made.'
   </td>
 </tr>
 <tr>
@@ -106,47 +144,6 @@
 </tr>
 <tr>
   <td>BP28(R1)</td>
-  <td>Uninstall telnet-server Package</td>
-  <td xml:lang="en-US">
-The <code>telnet-server</code> package can be removed with the following command:
-<pre>
-$ sudo yum erase telnet-server</pre>
-  </td>
-  <td xml:lang="en-US">
-It is detrimental for operating systems to provide, or install by default,
-functionality exceeding requirements or mission objectives. These
-unnecessary capabilities are often overlooked and therefore may remain
-unsecure. They increase the risk to the platform by providing additional
-attack vectors.
-<br />
-The telnet service provides an unencrypted remote access service which does
-not provide for the confidentiality and integrity of user passwords or the
-remote session. If a privileged user were to login using this service, the
-privileged user password could be compromised.
-<br />
-Removing the <tt>telnet-server</tt> package decreases the risk of the
-telnet service's accidental (or intentional) activation.
-  </td>
-</tr>
-<tr>
-  <td>BP28(R1)</td>
-  <td>Uninstall ypserv Package</td>
-  <td xml:lang="en-US">
-The <code>ypserv</code> package can be removed with the following command:
-<pre>
-$ sudo yum erase ypserv</pre>
-  </td>
-  <td xml:lang="en-US">
-The NIS service provides an unencrypted authentication service which does
-not provide for the confidentiality and integrity of user passwords or the
-remote session.
-
-Removing the <tt>ypserv</tt> package decreases the risk of the accidental
-(or intentional) activation of NIS or NIS+ services.
-  </td>
-</tr>
-<tr>
-  <td>BP28(R1)</td>
   <td>Uninstall Sendmail Package</td>
   <td xml:lang="en-US">
 Sendmail is not the default mail transfer agent and is
@@ -163,30 +160,38 @@
 </tr>
 <tr>
   <td>BP28(R1)</td>
-  <td>Uninstall talk-server Package</td>
+  <td>Uninstall tftp-server Package</td>
   <td xml:lang="en-US">
-The <code>talk-server</code> package can be removed with the following command: <pre> $ sudo yum erase talk-server</pre>
+The <code>tftp-server</code> package can be removed with the following command: <pre> $ sudo yum erase tftp-server</pre>
   </td>
   <td xml:lang="en-US">
-The talk software presents a security risk as it uses unencrypted protocols
-for communications. Removing the <tt>talk-server</tt> package decreases the
-risk of the accidental (or intentional) activation of talk services.
+Removing the <tt>tftp-server</tt> package decreases the risk of the accidental
+(or intentional) activation of tftp services.
+<br /><br />
+If TFTP is required for operational support (such as transmission of router
+configurations), its use must be documented with the Information Systems
+Securty Manager (ISSM), restricted to only authorized personnel, and have
+access control rules established.
   </td>
 </tr>
 <tr>
   <td>BP28(R1)</td>
-  <td>Uninstall DHCP Server Package</td>
+  <td>Uninstall rsh Package</td>
   <td xml:lang="en-US">
-If the system does not need to act as a DHCP server,
-the dhcp package can be uninstalled.
 
-The <code>dhcp</code> package can be removed with the following command:
-<pre>
-$ sudo yum erase dhcp</pre>
+The <tt>rsh</tt> package contains the client commands
+
+for the rsh services
   </td>
   <td xml:lang="en-US">
-Removing the DHCP server ensures that it cannot be easily or
-accidentally reactivated and disrupt network operation.
+These legacy clients contain numerous security exposures and have
+been replaced with the more secure SSH package. Even if the server is removed,
+it is best to ensure the clients are also removed to prevent users from
+inadvertently attempting to use these commands and therefore exposing
+
+their credentials. Note that removing the <tt>rsh</tt> package removes
+
+the clients for <tt>rsh</tt>,<tt>rcp</tt>, and <tt>rlogin</tt>.
   </td>
 </tr>
 <tr>
@@ -204,18 +209,18 @@
 </tr>
 <tr>
   <td>BP28(R1)</td>
-  <td>Uninstall tftp-server Package</td>
+  <td>Uninstall DHCP Server Package</td>
/usr/share/doc/scap-security-guide/tables/table-ol7-cuirefs.html differs (HTML document, ASCII text, with very long lines)
--- old//usr/share/doc/scap-security-guide/tables/table-ol7-cuirefs.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/tables/table-ol7-cuirefs.html	2022-07-15 00:00:00.000000000 +0000
@@ -43,14 +43,15 @@
 </thead>
 <tr>
   <td>3.1.1<br/>3.4.5</td>
-  <td>Require Authentication for Emergency Systemd Target</td>
+  <td>Require Authentication for Single User Mode</td>
   <td xml:lang="en-US">
-Emergency mode is intended as a system recovery
-method, providing a single user root access to the system
-during a failed boot sequence.
+Single-user mode is intended as a system recovery
+method, providing a single user root access to the system by
+providing a boot option at startup. By default, no authentication
+is performed if single-user mode is selected.
 <br /><br />
-By default, Emergency mode is protected by requiring a password and is set
-in <tt>/usr/lib/systemd/system/emergency.service</tt>.
+By default, single-user mode is protected by requiring a password and is set
+in <tt>/usr/lib/systemd/system/rescue.service</tt>.
   </td>
   <td xml:lang="en-US">
 This prevents attackers with physical access from trivially bypassing security
@@ -59,6 +60,27 @@
   </td>
 </tr>
 <tr>
+  <td>3.1.1<br/>3.1.5</td>
+  <td>Verify Only Root Has UID 0</td>
+  <td xml:lang="en-US">
+If any account other than root has a UID of 0, this misconfiguration should
+be investigated and the accounts other than root should be removed or have
+their UID changed.
+<br />
+If the account is associated with system commands or applications the UID
+should be changed to one greater than "0" but less than "1000."
+Otherwise assign a UID greater than "1000" that has not already been
+assigned.
+  </td>
+  <td xml:lang="en-US">
+An account has root authority if it has a UID of 0. Multiple accounts
+with a UID of 0 afford more opportunity for potential intruders to
+guess a password for a privileged account. Proper configuration of
+sudo is recommended to afford multiple system administrators
+access to root privileges in an accountable manner.
+  </td>
+</tr>
+<tr>
   <td>3.1.1</td>
   <td>Disable GDM Guest Login</td>
   <td xml:lang="en-US">
@@ -76,6 +98,31 @@
   </td>
 </tr>
 <tr>
+  <td>3.1.1<br/>3.1.5</td>
+  <td>Disable SSH Access via Empty Passwords</td>
+  <td xml:lang="en-US">
+Disallow SSH login with empty passwords.
+The default SSH configuration disables logins with empty passwords. The appropriate
+configuration is used if no value is set for <tt>PermitEmptyPasswords</tt>.
+<br />
+To explicitly disallow SSH login from accounts with empty passwords,
+add or correct the following line in
+
+
+<tt>/etc/ssh/sshd_config</tt>:
+
+<br />
+<pre>PermitEmptyPasswords no</pre>
+Any accounts with empty passwords should be disabled immediately, and PAM configuration
+should prevent users from being able to assign themselves empty passwords.
+  </td>
+  <td xml:lang="en-US">
+Configuring this setting for the SSH daemon provides additional assurance
+that remote login via SSH will require a password, even in the event of
+misconfiguration elsewhere.
+  </td>
+</tr>
+<tr>
   <td>3.1.1<br/>3.1.6</td>
   <td>Direct root Logins Not Allowed</td>
   <td xml:lang="en-US">
@@ -103,17 +150,21 @@
 </tr>
 <tr>
   <td>3.1.1<br/>3.1.5</td>
-  <td>Restrict Serial Port Root Logins</td>
+  <td>Prevent Login to Accounts With Empty Password</td>
   <td xml:lang="en-US">
-To restrict root logins on serial ports,
-ensure lines of this form do not appear in <tt>/etc/securetty</tt>:
-<pre>ttyS0
-ttyS1</pre>
+If an account is configured for password authentication
+but does not have an assigned password, it may be possible to log
+into the account without authentication. Remove any instances of the
+<tt>nullok</tt> in
+
+<tt>/etc/pam.d/system-auth</tt>
+
+to prevent logins with empty passwords.
   </td>
   <td xml:lang="en-US">
-Preventing direct root login to serial port interfaces
-helps ensure accountability for actions taken on the systems
-using the root account.
+If an account has an empty password, anyone could log in and
+run commands with the privileges of that account. Accounts with
+empty passwords should never be used in operational environments.
   </td>
 </tr>
 <tr>
@@ -134,41 +185,20 @@
   </td>
 </tr>
 <tr>
-  <td>3.1.1<br/>3.1.5</td>
-  <td>Restrict Virtual Console Root Logins</td>
-  <td xml:lang="en-US">
-To restrict root logins through the (deprecated) virtual console devices,
-ensure lines of this form do not appear in <tt>/etc/securetty</tt>:
-<pre>vc/1
-vc/2
-vc/3
-vc/4</pre>
-  </td>
-  <td xml:lang="en-US">
-Preventing direct root login to virtual console devices
-helps ensure accountability for actions taken on the system
-using the root account.
-  </td>
-</tr>
-<tr>
-  <td>3.1.1<br/>3.1.5</td>
-  <td>Verify Only Root Has UID 0</td>
+  <td>3.1.1<br/>3.4.5</td>
+  <td>Require Authentication for Emergency Systemd Target</td>
   <td xml:lang="en-US">
-If any account other than root has a UID of 0, this misconfiguration should
-be investigated and the accounts other than root should be removed or have
-their UID changed.
-<br />
-If the account is associated with system commands or applications the UID
-should be changed to one greater than "0" but less than "1000."
-Otherwise assign a UID greater than "1000" that has not already been
-assigned.
+Emergency mode is intended as a system recovery
+method, providing a single user root access to the system
+during a failed boot sequence.
+<br /><br />
+By default, Emergency mode is protected by requiring a password and is set
+in <tt>/usr/lib/systemd/system/emergency.service</tt>.
   </td>
   <td xml:lang="en-US">
-An account has root authority if it has a UID of 0. Multiple accounts
-with a UID of 0 afford more opportunity for potential intruders to
-guess a password for a privileged account. Proper configuration of
-sudo is recommended to afford multiple system administrators
-access to root privileges in an accountable manner.
+This prevents attackers with physical access from trivially bypassing security
+on the machine and gaining root access. Such accesses are further prevented
+by configuring the bootloader password.
   </td>
 </tr>
 <tr>
@@ -193,65 +223,64 @@
   </td>
 </tr>
 <tr>
-  <td>3.1.1<br/>3.4.5</td>
-  <td>Require Authentication for Single User Mode</td>
+  <td>3.1.1<br/>3.1.5</td>
+  <td>Restrict Virtual Console Root Logins</td>
   <td xml:lang="en-US">
-Single-user mode is intended as a system recovery
-method, providing a single user root access to the system by
-providing a boot option at startup. By default, no authentication
-is performed if single-user mode is selected.
-<br /><br />
-By default, single-user mode is protected by requiring a password and is set
-in <tt>/usr/lib/systemd/system/rescue.service</tt>.
+To restrict root logins through the (deprecated) virtual console devices,
+ensure lines of this form do not appear in <tt>/etc/securetty</tt>:
+<pre>vc/1
+vc/2
+vc/3
+vc/4</pre>
   </td>
   <td xml:lang="en-US">
-This prevents attackers with physical access from trivially bypassing security
-on the machine and gaining root access. Such accesses are further prevented
-by configuring the bootloader password.
+Preventing direct root login to virtual console devices
+helps ensure accountability for actions taken on the system
+using the root account.
   </td>
 </tr>
 <tr>
/usr/share/doc/scap-security-guide/tables/table-ol7-nistrefs.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/tables/table-ol7-nistrefs.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/tables/table-ol7-nistrefs.html	2022-07-15 00:00:00.000000000 +0000
@@ -42,38 +42,16 @@
   <td>Rationale</td>
 </thead>
 <tr>
-  <td>AU-2(d)<br/>AU-12(c)<br/>CM-6(a)</td>
-  <td>Ensure auditd Collects File Deletion Events by User - rename</td>
-  <td xml:lang="en-US">
-At a minimum, the audit system should collect file deletion events
-for all users and root. If the <tt>auditd</tt> daemon is configured to use the
-<tt>augenrules</tt> program to read audit rules during daemon startup (the
-default), add the following line to a file with suffix <tt>.rules</tt> in the
-directory <tt>/etc/audit/rules.d</tt>, setting ARCH to either b32 or b64 as
-appropriate for your system:
-<pre>-a always,exit -F arch=ARCH -S rename -F auid&gt;=1000 -F auid!=unset -F key=delete</pre>
-If the <tt>auditd</tt> daemon is configured to use the <tt>auditctl</tt>
-utility to read audit rules during daemon startup, add the following line to
-<tt>/etc/audit/audit.rules</tt> file, setting ARCH to either b32 or b64 as
-appropriate for your system:
-<pre>-a always,exit -F arch=ARCH -S rename -F auid&gt;=1000 -F auid!=unset -F key=delete</pre>
-  </td>
-  <td xml:lang="en-US">
-Auditing file deletions will create an audit trail for files that are removed
-from the system. The audit trail could aid in system troubleshooting, as well as, detecting
-malicious processes that attempt to delete log files to conceal their presence.
-  </td>
-</tr>
-<tr>
   <td>IA-2<br/>AC-3<br/>CM-6(a)</td>
-  <td>Require Authentication for Emergency Systemd Target</td>
+  <td>Require Authentication for Single User Mode</td>
   <td xml:lang="en-US">
-Emergency mode is intended as a system recovery
-method, providing a single user root access to the system
-during a failed boot sequence.
+Single-user mode is intended as a system recovery
+method, providing a single user root access to the system by
+providing a boot option at startup. By default, no authentication
+is performed if single-user mode is selected.
 <br /><br />
-By default, Emergency mode is protected by requiring a password and is set
-in <tt>/usr/lib/systemd/system/emergency.service</tt>.
+By default, single-user mode is protected by requiring a password and is set
+in <tt>/usr/lib/systemd/system/rescue.service</tt>.
   </td>
   <td xml:lang="en-US">
 This prevents attackers with physical access from trivially bypassing security
@@ -82,142 +60,110 @@
   </td>
 </tr>
 <tr>
-  <td>AU-2(d)<br/>AU-12(c)<br/>AC-6(9)<br/>CM-6(a)</td>
-  <td>Record Access Events to Audit Log Directory</td>
+  <td>IA-2<br/>AC-6(5)<br/>IA-4(b)</td>
+  <td>Verify Only Root Has UID 0</td>
   <td xml:lang="en-US">
-The audit system should collect access events to read audit log directory.
-The following audit rule will assure that access to audit log directory are
-collected.
-<pre>-a always,exit -F dir=/var/log/audit/ -F perm=r -F auid>=1000 -F auid!=unset -F key=access-audit-trail</pre>
-If the <tt>auditd</tt> daemon is configured to use the <tt>augenrules</tt>
-program to read audit rules during daemon startup (the default), add the
-rule to a file with suffix <tt>.rules</tt> in the directory
-<tt>/etc/audit/rules.d</tt>.
-If the <tt>auditd</tt> daemon is configured to use the <tt>auditctl</tt>
-utility to read audit rules during daemon startup, add the rule to
-<tt>/etc/audit/audit.rules</tt> file.
+If any account other than root has a UID of 0, this misconfiguration should
+be investigated and the accounts other than root should be removed or have
+their UID changed.
+<br />
+If the account is associated with system commands or applications the UID
+should be changed to one greater than "0" but less than "1000."
+Otherwise assign a UID greater than "1000" that has not already been
+assigned.
   </td>
   <td xml:lang="en-US">
-Attempts to read the logs should be recorded, suspicious access to audit log files could be an indicator of malicious activity on a system.
-Auditing these events could serve as evidence of potential system compromise.'
+An account has root authority if it has a UID of 0. Multiple accounts
+with a UID of 0 afford more opportunity for potential intruders to
+guess a password for a privileged account. Proper configuration of
+sudo is recommended to afford multiple system administrators
+access to root privileges in an accountable manner.
   </td>
 </tr>
 <tr>
-  <td>AU-2(d)<br/>AU-12(c)<br/>CM-6(a)</td>
-  <td>Record Events that Modify the System's Mandatory Access Controls</td>
+  <td>AU-2(d)<br/>AU-12(c)<br/>AC-6(9)<br/>CM-6(a)</td>
+  <td>Ensure auditd Collects Information on Kernel Module Unloading - delete_module</td>
   <td xml:lang="en-US">
-If the <tt>auditd</tt> daemon is configured to use the
-<tt>augenrules</tt> program to read audit rules during daemon startup (the
-default), add the following line to a file with suffix <tt>.rules</tt> in the
-directory <tt>/etc/audit/rules.d</tt>:
-<pre>-w /etc/selinux/ -p wa -k MAC-policy</pre>
-If the <tt>auditd</tt> daemon is configured to use the <tt>auditctl</tt>
-utility to read audit rules during daemon startup, add the following line to
-<tt>/etc/audit/audit.rules</tt> file:
-<pre>-w /etc/selinux/ -p wa -k MAC-policy</pre>
+To capture kernel module unloading events, use following line, setting ARCH to
+either b32 for 32-bit system, or having two lines for both b32 and b64 in case your system is 64-bit:
+
+<pre>-a always,exit -F arch=<i>ARCH</i> -S delete_module -F key=modules</pre>
+
+
+Place to add the line depends on a way <tt>auditd</tt> daemon is configured. If it is configured
+to use the <tt>augenrules</tt> program (the default), add the line to a file with suffix
+<tt>.rules</tt> in the directory <tt>/etc/audit/rules.d</tt>.
+
+If the <tt>auditd</tt> daemon is configured to use the <tt>auditctl</tt> utility,
+add the line to file <tt>/etc/audit/audit.rules</tt>.
   </td>
   <td xml:lang="en-US">
-The system's mandatory access policy (SELinux) should not be
-arbitrarily changed by anything other than administrator action. All changes to
-MAC policy should be audited.
+The removal of kernel modules can be used to alter the behavior of
+the kernel and potentially introduce malicious code into kernel space. It is important
+to have an audit trail of modules that have been introduced into the kernel.
   </td>
 </tr>
 <tr>
   <td>AU-2(d)<br/>AU-12(c)<br/>CM-6(a)</td>
-  <td>Record Unsuccessful Access Attempts to Files - creat</td>
+  <td>Record Events that Modify the System's Discretionary Access Controls - fchownat</td>
   <td xml:lang="en-US">
-At a minimum, the audit system should collect unauthorized file
-accesses for all users and root. If the <tt>auditd</tt> daemon is configured
+At a minimum, the audit system should collect file permission
+changes for all users and root. If the <tt>auditd</tt> daemon is configured
 to use the <tt>augenrules</tt> program to read audit rules during daemon
-startup (the default), add the following lines to a file with suffix
+startup (the default), add the following line to a file with suffix
 <tt>.rules</tt> in the directory <tt>/etc/audit/rules.d</tt>:
-<pre>-a always,exit -F arch=b32 -S creat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
--a always,exit -F arch=b32 -S creat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre>
-If the system is 64 bit then also add the following lines:
-<pre>
--a always,exit -F arch=b64 -S creat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
--a always,exit -F arch=b64 -S creat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre>
+<pre>-a always,exit -F arch=b32 -S fchownat -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
+If the system is 64 bit then also add the following line:
+<pre>-a always,exit -F arch=b64 -S fchownat -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
 If the <tt>auditd</tt> daemon is configured to use the <tt>auditctl</tt>
-utility to read audit rules during daemon startup, add the following lines to
+utility to read audit rules during daemon startup, add the following line to
 <tt>/etc/audit/audit.rules</tt> file:
-<pre>-a always,exit -F arch=b32 -S creat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
--a always,exit -F arch=b32 -S creat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre>
-If the system is 64 bit then also add the following lines:
-<pre>
--a always,exit -F arch=b64 -S creat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
--a always,exit -F arch=b64 -S creat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre>
-  </td>
-  <td xml:lang="en-US">
-Unsuccessful attempts to access files could be an indicator of malicious activity on a system. Auditing
-these events could serve as evidence of potential system compromise.
-  </td>
-</tr>
-<tr>
-  <td>AU-2(d)<br/>AU-12(c)<br/>AC-6(9)<br/>CM-6(a)</td>
-  <td>Record Attempts to Alter Logon and Logout Events - lastlog</td>
-  <td xml:lang="en-US">
-The audit system already collects login information for all users
-and root. If the <tt>auditd</tt> daemon is configured to use the
-<tt>augenrules</tt> program to read audit rules during daemon startup (the
-default), add the following lines to a file with suffix <tt>.rules</tt> in the
-directory <tt>/etc/audit/rules.d</tt> in order to watch for attempted manual
-edits of files involved in storing logon events:
-<pre>-w /var/log/lastlog -p wa -k logins</pre>
-If the <tt>auditd</tt> daemon is configured to use the <tt>auditctl</tt>
-utility to read audit rules during daemon startup, add the following lines to
-<tt>/etc/audit/audit.rules</tt> file in order to watch for unattempted manual
-edits of files involved in storing logon events:
-<pre>-w /var/log/lastlog -p wa -k logins</pre>
+<pre>-a always,exit -F arch=b32 -S fchownat -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
+If the system is 64 bit then also add the following line:
+<pre>-a always,exit -F arch=b64 -S fchownat -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
   </td>
   <td xml:lang="en-US">
-Manual editing of these files may indicate nefarious activity, such
-as an attacker attempting to remove evidence of an intrusion.
+The changing of file permissions could indicate that a user is attempting to
+gain access to information that would otherwise be disallowed. Auditing DAC modifications
+can facilitate the identification of patterns of abuse among both authorized and
+unauthorized users.
   </td>
 </tr>
 <tr>
   <td>AU-2(d)<br/>AU-12(c)<br/>AC-6(9)<br/>CM-6(a)</td>
-  <td>Record Attempts to Alter Time Through clock_settime</td>
+  <td>Record Access Events to Audit Log Directory</td>
   <td xml:lang="en-US">
-If the <tt>auditd</tt> daemon is configured to use the
-<tt>augenrules</tt> program to read audit rules during daemon startup (the
-default), add the following line to a file with suffix <tt>.rules</tt> in the
-directory <tt>/etc/audit/rules.d</tt>:
/usr/share/doc/scap-security-guide/tables/table-ol7-ospprefs.html differs (HTML document, ASCII text, with very long lines)
--- old//usr/share/doc/scap-security-guide/tables/table-ol7-ospprefs.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/tables/table-ol7-ospprefs.html	2022-07-15 00:00:00.000000000 +0000
@@ -53,6 +53,28 @@
 </tr>
 <tr>
   <td>FAU_GEN.1</td>
+  <td>Enable auditd Service</td>
+  <td xml:lang="en-US">
+The <tt>auditd</tt> service is an essential userspace component of
+the Linux Auditing System, as it is responsible for writing audit records to
+disk.
+
+The <code>auditd</code> service can be enabled with the following command:
+<pre>$ sudo systemctl enable auditd.service</pre>
+  </td>
+  <td xml:lang="en-US">
+Without establishing what type of events occurred, it would be difficult
+to establish, correlate, and investigate the events leading up to an outage or attack.
+Ensuring the <tt>auditd</tt> service is active ensures audit records
+generated by the kernel are appropriately recorded.
+<br /><br />
+Additionally, a properly configured audit subsystem ensures that actions of
+individual system users can be uniquely traced to those users so they
+can be held accountable for their actions.
+  </td>
+</tr>
+<tr>
+  <td>FAU_GEN.1</td>
   <td>Set number of records to cause an explicit flush to audit logs</td>
   <td xml:lang="en-US">
 To configure Audit daemon to issue an explicit flush to disk command
@@ -88,28 +110,6 @@
 </tr>
 <tr>
   <td>FAU_GEN.1</td>
-  <td>Enable auditd Service</td>
-  <td xml:lang="en-US">
-The <tt>auditd</tt> service is an essential userspace component of
-the Linux Auditing System, as it is responsible for writing audit records to
-disk.
-
-The <code>auditd</code> service can be enabled with the following command:
-<pre>$ sudo systemctl enable auditd.service</pre>
-  </td>
-  <td xml:lang="en-US">
-Without establishing what type of events occurred, it would be difficult
-to establish, correlate, and investigate the events leading up to an outage or attack.
-Ensuring the <tt>auditd</tt> service is active ensures audit records
-generated by the kernel are appropriately recorded.
-<br /><br />
-Additionally, a properly configured audit subsystem ensures that actions of
-individual system users can be uniquely traced to those users so they
-can be held accountable for their actions.
-  </td>
-</tr>
-<tr>
-  <td>FAU_GEN.1</td>
   <td>Include Local Events in Audit Logs</td>
   <td xml:lang="en-US">
 To configure Audit daemon to include local events in Audit logs, set
@@ -123,190 +123,127 @@
 </tr>
 <tr>
   <td>FAU_GEN.1.1.c</td>
-  <td>Ensure auditd Collects File Deletion Events by User - rename</td>
-  <td xml:lang="en-US">
-At a minimum, the audit system should collect file deletion events
-for all users and root. If the <tt>auditd</tt> daemon is configured to use the
-<tt>augenrules</tt> program to read audit rules during daemon startup (the
-default), add the following line to a file with suffix <tt>.rules</tt> in the
-directory <tt>/etc/audit/rules.d</tt>, setting ARCH to either b32 or b64 as
-appropriate for your system:
-<pre>-a always,exit -F arch=ARCH -S rename -F auid&gt;=1000 -F auid!=unset -F key=delete</pre>
-If the <tt>auditd</tt> daemon is configured to use the <tt>auditctl</tt>
-utility to read audit rules during daemon startup, add the following line to
-<tt>/etc/audit/audit.rules</tt> file, setting ARCH to either b32 or b64 as
-appropriate for your system:
-<pre>-a always,exit -F arch=ARCH -S rename -F auid&gt;=1000 -F auid!=unset -F key=delete</pre>
-  </td>
-  <td xml:lang="en-US">
-Auditing file deletions will create an audit trail for files that are removed
-from the system. The audit trail could aid in system troubleshooting, as well as, detecting
-malicious processes that attempt to delete log files to conceal their presence.
-  </td>
-</tr>
-<tr>
-  <td>FAU_GEN.1.1.c</td>
-  <td>Record Access Events to Audit Log Directory</td>
+  <td>Record Events that Modify User/Group Information via open syscall - /etc/gshadow</td>
   <td xml:lang="en-US">
-The audit system should collect access events to read audit log directory.
-The following audit rule will assure that access to audit log directory are
-collected.
-<pre>-a always,exit -F dir=/var/log/audit/ -F perm=r -F auid>=1000 -F auid!=unset -F key=access-audit-trail</pre>
-If the <tt>auditd</tt> daemon is configured to use the <tt>augenrules</tt>
-program to read audit rules during daemon startup (the default), add the
-rule to a file with suffix <tt>.rules</tt> in the directory
-<tt>/etc/audit/rules.d</tt>.
+The audit system should collect write events to /etc/gshadow file for all users and root.
+If the <tt>auditd</tt> daemon is configured
+to use the <tt>augenrules</tt> program to read audit rules during daemon
+startup (the default), add the following lines to a file with suffix
+<tt>.rules</tt> in the directory <tt>/etc/audit/rules.d</tt>:
+<pre>-a always,exit -F arch=b32 -S open -F a1&amp;03 -F path=/etc/gshadow -F auid>=1000 -F auid!=unset -F key=user-modify</pre>
 If the <tt>auditd</tt> daemon is configured to use the <tt>auditctl</tt>
-utility to read audit rules during daemon startup, add the rule to
-<tt>/etc/audit/audit.rules</tt> file.
+utility to read audit rules during daemon startup, add the following lines to
+<tt>/etc/audit/audit.rules</tt> file:
+<pre>-a always,exit -F arch=b32 -S open -F a1&amp;03 -F path=/etc/gshadow -F auid>=1000 -F auid!=unset -F key=user-modify</pre>
+If the system is 64 bit then also add the following line:
+<pre>-a always,exit -F arch=b64 -S open -F a1&amp;03 -F path=/etc/gshadow -F auid>=1000 -F auid!=unset -F key=user-modify</pre>
   </td>
   <td xml:lang="en-US">
-Attempts to read the logs should be recorded, suspicious access to audit log files could be an indicator of malicious activity on a system.
-Auditing these events could serve as evidence of potential system compromise.'
+Creation of users through direct edition of /etc/gshadow could be an indicator of malicious activity on a system.
+Auditing these events could serve as evidence of potential system compromise.
   </td>
 </tr>
 <tr>
   <td>FAU_GEN.1.1.c</td>
-  <td>Ensure auditd Collects Information on the Use of Privileged Commands - unix_chkpwd</td>
+  <td>Encrypt Audit Records Sent With audispd Plugin</td>
   <td xml:lang="en-US">
-At a minimum, the audit system should collect the execution of
-privileged commands for all users and root. If the <tt>auditd</tt> daemon is
-configured to use the <tt>augenrules</tt> program to read audit rules during
-daemon startup (the default), add a line of the following form to a file with
-suffix <tt>.rules</tt> in the directory <tt>/etc/audit/rules.d</tt>:
-<pre>-a always,exit -F path=/usr/sbin/unix_chkpwd -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre>
-If the <tt>auditd</tt> daemon is configured to use the <tt>auditctl</tt>
-utility to read audit rules during daemon startup, add a line of the following
-form to <tt>/etc/audit/audit.rules</tt>:
-<pre>-a always,exit -F path=/usr/sbin/unix_chkpwd -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre>
+Configure the operating system to encrypt the transfer of off-loaded audit
+records onto a different system or media from the system being audited.
+
+Uncomment the <tt>enable_krb5</tt> option in <pre>/etc/audisp/audisp-remote.conf</pre>,
+and set it with the following line:
+<pre>enable_krb5 = yes</pre>
   </td>
   <td xml:lang="en-US">
-Misuse of privileged functions, either intentionally or unintentionally by
-authorized users, or by unauthorized external entities that have compromised system accounts,
-is a serious and ongoing concern and can have significant adverse impacts on organizations.
-Auditing the use of privileged functions is one way to detect such misuse and identify
-the risk from insider and advanced persistent threats.
-<br /><br />
-Privileged programs are subject to escalation-of-privilege attacks,
-which attempt to subvert their normal role of providing some necessary but
-limited capability. As such, motivation exists to monitor these programs for
-unusual activity.
+Information stored in one location is vulnerable to accidental or incidental deletion
+or alteration. Off-loading is a common process in information systems with limited
+audit storage capacity.
   </td>
 </tr>
 <tr>
   <td>FAU_GEN.1.1.c</td>
-  <td>Record Events that Modify the System's Mandatory Access Controls</td>
+  <td>Ensure auditd Collects Information on Kernel Module Unloading - delete_module</td>
   <td xml:lang="en-US">
-If the <tt>auditd</tt> daemon is configured to use the
-<tt>augenrules</tt> program to read audit rules during daemon startup (the
-default), add the following line to a file with suffix <tt>.rules</tt> in the
-directory <tt>/etc/audit/rules.d</tt>:
-<pre>-w /etc/selinux/ -p wa -k MAC-policy</pre>
-If the <tt>auditd</tt> daemon is configured to use the <tt>auditctl</tt>
-utility to read audit rules during daemon startup, add the following line to
-<tt>/etc/audit/audit.rules</tt> file:
-<pre>-w /etc/selinux/ -p wa -k MAC-policy</pre>
+To capture kernel module unloading events, use following line, setting ARCH to
+either b32 for 32-bit system, or having two lines for both b32 and b64 in case your system is 64-bit:
+
+<pre>-a always,exit -F arch=<i>ARCH</i> -S delete_module -F key=modules</pre>
+
+
+Place to add the line depends on a way <tt>auditd</tt> daemon is configured. If it is configured
+to use the <tt>augenrules</tt> program (the default), add the line to a file with suffix
+<tt>.rules</tt> in the directory <tt>/etc/audit/rules.d</tt>.
+
+If the <tt>auditd</tt> daemon is configured to use the <tt>auditctl</tt> utility,
+add the line to file <tt>/etc/audit/audit.rules</tt>.
   </td>
   <td xml:lang="en-US">
-The system's mandatory access policy (SELinux) should not be
-arbitrarily changed by anything other than administrator action. All changes to
-MAC policy should be audited.
+The removal of kernel modules can be used to alter the behavior of
+the kernel and potentially introduce malicious code into kernel space. It is important
+to have an audit trail of modules that have been introduced into the kernel.
   </td>
 </tr>
 <tr>
   <td>FAU_GEN.1.1.c</td>
-  <td>Record Unsuccessful Access Attempts to Files - creat</td>
+  <td>Record Events that Modify the System's Discretionary Access Controls - fchownat</td>
   <td xml:lang="en-US">
-At a minimum, the audit system should collect unauthorized file
/usr/share/doc/scap-security-guide/tables/table-ol7-pcidssrefs.html differs (HTML document, ASCII text)
--- old//usr/share/doc/scap-security-guide/tables/table-ol7-pcidssrefs.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/tables/table-ol7-pcidssrefs.html	2022-07-15 00:00:00.000000000 +0000
@@ -76,6 +76,29 @@
 </tr>
 <tr>
   <td>Req-6.2</td>
+  <td>Ensure Software Patches Installed</td>
+  <td xml:lang="en-US">
+
+If the system is joined to the ULN
+or a yum server, run the following command to install updates:
+<pre>$ sudo yum update</pre>
+If the system is not configured to use one of these sources, updates (in the form of RPM packages)
+can be manually downloaded from the ULN and installed using <tt>rpm</tt>.
+
+<br /><br />
+NOTE: U.S. Defense systems are required to be patched within 30 days or sooner as local policy
+dictates.
+  </td>
+  <td xml:lang="en-US">
+Installing software updates is a fundamental mitigation against
+the exploitation of publicly-known vulnerabilities. If the most
+recent security patches and updates are not installed, unauthorized
+users may take advantage of weaknesses in the unpatched software. The
+lack of prompt attention to patching could result in a system compromise.
+  </td>
+</tr>
+<tr>
+  <td>Req-6.2</td>
   <td>Ensure gpgcheck Enabled In Main yum Configuration</td>
   <td xml:lang="en-US">
 The <tt>gpgcheck</tt> option controls whether
@@ -104,29 +127,6 @@
 </tr>
 <tr>
   <td>Req-6.2</td>
-  <td>Ensure Software Patches Installed</td>
-  <td xml:lang="en-US">
-
-If the system is joined to the ULN
-or a yum server, run the following command to install updates:
-<pre>$ sudo yum update</pre>
-If the system is not configured to use one of these sources, updates (in the form of RPM packages)
-can be manually downloaded from the ULN and installed using <tt>rpm</tt>.
-
-<br /><br />
-NOTE: U.S. Defense systems are required to be patched within 30 days or sooner as local policy
-dictates.
-  </td>
-  <td xml:lang="en-US">
-Installing software updates is a fundamental mitigation against
-the exploitation of publicly-known vulnerabilities. If the most
-recent security patches and updates are not installed, unauthorized
-users may take advantage of weaknesses in the unpatched software. The
-lack of prompt attention to patching could result in a system compromise.
-  </td>
-</tr>
-<tr>
-  <td>Req-6.2</td>
   <td>Ensure Oracle Linux GPG Key Installed</td>
   <td xml:lang="en-US">
 To ensure the system can cryptographically verify base software
@@ -155,64 +155,64 @@
 </tr>
 <tr>
   <td>Req-7.1</td>
-  <td>Verify the UEFI Boot Loader grub.cfg User Ownership</td>
+  <td>Verify /boot/grub2/grub.cfg Group Ownership</td>
   <td xml:lang="en-US">
 The file <tt>/boot/grub2/grub.cfg</tt> should
-be owned by the <tt>root</tt> user to prevent destruction
-or modification of the file.
+be group-owned by the <tt>root</tt> group to prevent
+destruction or modification of the file.
 
-To properly set the owner of <code>/boot/grub2/grub.cfg</code>, run the command:
-<pre>$ sudo chown root /boot/grub2/grub.cfg </pre>
+To properly set the group owner of <code>/boot/grub2/grub.cfg</code>, run the command:
+<pre>$ sudo chgrp root /boot/grub2/grub.cfg</pre>
   </td>
   <td xml:lang="en-US">
-Only root should be able to modify important boot parameters.
+The <tt>root</tt> group is a highly-privileged group. Furthermore, the group-owner of this
+file should not have any access privileges anyway.
   </td>
 </tr>
 <tr>
   <td>Req-7.1</td>
-  <td>Verify /boot/grub2/grub.cfg User Ownership</td>
+  <td>Verify the UEFI Boot Loader grub.cfg Group Ownership</td>
   <td xml:lang="en-US">
 The file <tt>/boot/grub2/grub.cfg</tt> should
-be owned by the <tt>root</tt> user to prevent destruction
-or modification of the file.
+be group-owned by the <tt>root</tt> group to prevent
+destruction or modification of the file.
 
-To properly set the owner of <code>/boot/grub2/grub.cfg</code>, run the command:
-<pre>$ sudo chown root /boot/grub2/grub.cfg </pre>
+To properly set the group owner of <code>/boot/grub2/grub.cfg</code>, run the command:
+<pre>$ sudo chgrp root /boot/grub2/grub.cfg</pre>
   </td>
   <td xml:lang="en-US">
-Only root should be able to modify important boot parameters.
+The <tt>root</tt> group is a highly-privileged group. Furthermore, the group-owner of this
+file should not have any access privileges anyway.
   </td>
 </tr>
 <tr>
   <td>Req-7.1</td>
-  <td>Verify /boot/grub2/grub.cfg Group Ownership</td>
+  <td>Verify /boot/grub2/grub.cfg User Ownership</td>
   <td xml:lang="en-US">
 The file <tt>/boot/grub2/grub.cfg</tt> should
-be group-owned by the <tt>root</tt> group to prevent
-destruction or modification of the file.
+be owned by the <tt>root</tt> user to prevent destruction
+or modification of the file.
 
-To properly set the group owner of <code>/boot/grub2/grub.cfg</code>, run the command:
-<pre>$ sudo chgrp root /boot/grub2/grub.cfg</pre>
+To properly set the owner of <code>/boot/grub2/grub.cfg</code>, run the command:
+<pre>$ sudo chown root /boot/grub2/grub.cfg </pre>
   </td>
   <td xml:lang="en-US">
-The <tt>root</tt> group is a highly-privileged group. Furthermore, the group-owner of this
-file should not have any access privileges anyway.
+Only root should be able to modify important boot parameters.
   </td>
 </tr>
 <tr>
   <td>Req-7.1</td>
-  <td>Verify the UEFI Boot Loader grub.cfg Group Ownership</td>
+  <td>Verify the UEFI Boot Loader grub.cfg User Ownership</td>
   <td xml:lang="en-US">
 The file <tt>/boot/grub2/grub.cfg</tt> should
-be group-owned by the <tt>root</tt> group to prevent
-destruction or modification of the file.
+be owned by the <tt>root</tt> user to prevent destruction
+or modification of the file.
 
-To properly set the group owner of <code>/boot/grub2/grub.cfg</code>, run the command:
-<pre>$ sudo chgrp root /boot/grub2/grub.cfg</pre>
+To properly set the owner of <code>/boot/grub2/grub.cfg</code>, run the command:
+<pre>$ sudo chown root /boot/grub2/grub.cfg </pre>
   </td>
   <td xml:lang="en-US">
-The <tt>root</tt> group is a highly-privileged group. Furthermore, the group-owner of this
-file should not have any access privileges anyway.
+Only root should be able to modify important boot parameters.
   </td>
 </tr>
 <tr>
@@ -289,24 +289,42 @@
 </tr>
 <tr>
   <td>Req-8.1.8</td>
-  <td>Set SSH Client Alive Count Max</td>
+  <td>Ensure Users Cannot Change GNOME3 Screensaver Idle Activation</td>
   <td xml:lang="en-US">
-The SSH server sends at most <tt>ClientAliveCountMax</tt> messages
-during a SSH session and waits for a response from the SSH client.
-The option <tt>ClientAliveInterval</tt> configures timeout after
-each <tt>ClientAliveCountMax</tt> message. If the SSH server does not
-receive a response from the client, then the connection is considered idle
-and terminated.
-For SSH earlier than v8.2, a <tt>ClientAliveCountMax</tt> value of <tt>0</tt>
-causes an idle timeout precisely when the <tt>ClientAliveInterval</tt> is set.
-Starting with v8.2, a value of <tt>0</tt> disables the timeout functionality
-completely. If the option is set to a number greater than <tt>0</tt>, then
-the idle session will be disconnected after
-<tt>ClientAliveInterval * ClientAliveCountMax</tt> seconds.
+If not already configured, ensure that users cannot change GNOME3 screensaver lock settings
+by adding <pre>/org/gnome/desktop/screensaver/idle-activation-enabled</pre>
+to <tt>/etc/dconf/db/local.d/00-security-settings</tt>.
+For example:
+<pre>/org/gnome/desktop/screensaver/idle-activation-enabled</pre>
+After the settings have been set, run <tt>dconf update</tt>.
   </td>
   <td xml:lang="en-US">
-This ensures a user login will be terminated as soon as the <tt>ClientAliveInterval</tt>
-is reached.
+A session lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity
+of the information system but does not want to logout because of the temporary nature of the absense.
+  </td>
+</tr>
+<tr>
+  <td>Req-8.1.8</td>
+  <td>Implement Blank Screensaver</td>
+  <td xml:lang="en-US">
+
+
+
+To set the screensaver mode in the GNOME3 desktop to a blank screen,
+add or set <tt>picture-uri</tt> to <tt>string ''</tt> in
+<tt>/etc/dconf/db/local.d/00-security-settings</tt>. For example:
+<pre>[org/gnome/desktop/screensaver]
+picture-uri=''
+</pre>
+Once the settings have been added, add a lock to
/usr/share/doc/scap-security-guide/tables/table-ol8-anssirefs.html differs (HTML document, UTF-8 Unicode text)
--- old//usr/share/doc/scap-security-guide/tables/table-ol8-anssirefs.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/tables/table-ol8-anssirefs.html	2022-07-15 00:00:00.000000000 +0000
@@ -42,35 +42,73 @@
   <td>Rationale</td>
 </thead>
 <tr>
-  <td>BP28(R1)<br/>NT007(R03)</td>
-  <td>Uninstall the telnet server</td>
+  <td>BP28(R1)</td>
+  <td>Uninstall telnet-server Package</td>
   <td xml:lang="en-US">
-The telnet daemon should be uninstalled.
+The <code>telnet-server</code> package can be removed with the following command:
+<pre>
+$ sudo yum erase telnet-server</pre>
   </td>
   <td xml:lang="en-US">
-<tt>telnet</tt> allows clear text communications, and does not protect
-any data transmission between client and server. Any confidential data
-can be listened and no integrity checking is made.'
+It is detrimental for operating systems to provide, or install by default,
+functionality exceeding requirements or mission objectives. These
+unnecessary capabilities are often overlooked and therefore may remain
+unsecure. They increase the risk to the platform by providing additional
+attack vectors.
+<br />
+The telnet service provides an unencrypted remote access service which does
+not provide for the confidentiality and integrity of user passwords or the
+remote session. If a privileged user were to login using this service, the
+privileged user password could be compromised.
+<br />
+Removing the <tt>telnet-server</tt> package decreases the risk of the
+telnet service's accidental (or intentional) activation.
   </td>
 </tr>
 <tr>
   <td>BP28(R1)</td>
-  <td>Uninstall rsh Package</td>
+  <td>Uninstall ypserv Package</td>
   <td xml:lang="en-US">
-
-The <tt>rsh</tt> package contains the client commands
-
-for the rsh services
+The <code>ypserv</code> package can be removed with the following command:
+<pre>
+$ sudo yum erase ypserv</pre>
   </td>
   <td xml:lang="en-US">
-These legacy clients contain numerous security exposures and have
-been replaced with the more secure SSH package. Even if the server is removed,
-it is best to ensure the clients are also removed to prevent users from
-inadvertently attempting to use these commands and therefore exposing
-
-their credentials. Note that removing the <tt>rsh</tt> package removes
+The NIS service provides an unencrypted authentication service which does
+not provide for the confidentiality and integrity of user passwords or the
+remote session.
 
-the clients for <tt>rsh</tt>,<tt>rcp</tt>, and <tt>rlogin</tt>.
+Removing the <tt>ypserv</tt> package decreases the risk of the accidental
+(or intentional) activation of NIS or NIS+ services.
+  </td>
+</tr>
+<tr>
+  <td>BP28(R1)</td>
+  <td>Uninstall rsh-server Package</td>
+  <td xml:lang="en-US">
+The <code>rsh-server</code> package can be removed with the following command:
+<pre>
+$ sudo yum erase rsh-server</pre>
+  </td>
+  <td xml:lang="en-US">
+The <tt>rsh-server</tt> service provides unencrypted remote access service which does not
+provide for the confidentiality and integrity of user passwords or the remote session and has very weak
+authentication. If a privileged user were to login using this service, the privileged user password
+could be compromised. The <tt>rsh-server</tt> package provides several obsolete and insecure
+network services. Removing it decreases the risk of those services' accidental (or intentional)
+activation.
+  </td>
+</tr>
+<tr>
+  <td>BP28(R1)<br/>NT007(R03)</td>
+  <td>Uninstall the telnet server</td>
+  <td xml:lang="en-US">
+The telnet daemon should be uninstalled.
+  </td>
+  <td xml:lang="en-US">
+<tt>telnet</tt> allows clear text communications, and does not protect
+any data transmission between client and server. Any confidential data
+can be listened and no integrity checking is made.'
   </td>
 </tr>
 <tr>
@@ -106,47 +144,6 @@
 </tr>
 <tr>
   <td>BP28(R1)</td>
-  <td>Uninstall telnet-server Package</td>
-  <td xml:lang="en-US">
-The <code>telnet-server</code> package can be removed with the following command:
-<pre>
-$ sudo yum erase telnet-server</pre>
-  </td>
-  <td xml:lang="en-US">
-It is detrimental for operating systems to provide, or install by default,
-functionality exceeding requirements or mission objectives. These
-unnecessary capabilities are often overlooked and therefore may remain
-unsecure. They increase the risk to the platform by providing additional
-attack vectors.
-<br />
-The telnet service provides an unencrypted remote access service which does
-not provide for the confidentiality and integrity of user passwords or the
-remote session. If a privileged user were to login using this service, the
-privileged user password could be compromised.
-<br />
-Removing the <tt>telnet-server</tt> package decreases the risk of the
-telnet service's accidental (or intentional) activation.
-  </td>
-</tr>
-<tr>
-  <td>BP28(R1)</td>
-  <td>Uninstall ypserv Package</td>
-  <td xml:lang="en-US">
-The <code>ypserv</code> package can be removed with the following command:
-<pre>
-$ sudo yum erase ypserv</pre>
-  </td>
-  <td xml:lang="en-US">
-The NIS service provides an unencrypted authentication service which does
-not provide for the confidentiality and integrity of user passwords or the
-remote session.
-
-Removing the <tt>ypserv</tt> package decreases the risk of the accidental
-(or intentional) activation of NIS or NIS+ services.
-  </td>
-</tr>
-<tr>
-  <td>BP28(R1)</td>
   <td>Uninstall Sendmail Package</td>
   <td xml:lang="en-US">
 Sendmail is not the default mail transfer agent and is
@@ -163,30 +160,38 @@
 </tr>
 <tr>
   <td>BP28(R1)</td>
-  <td>Uninstall talk-server Package</td>
+  <td>Uninstall tftp-server Package</td>
   <td xml:lang="en-US">
-The <code>talk-server</code> package can be removed with the following command: <pre> $ sudo yum erase talk-server</pre>
+The <code>tftp-server</code> package can be removed with the following command: <pre> $ sudo yum erase tftp-server</pre>
   </td>
   <td xml:lang="en-US">
-The talk software presents a security risk as it uses unencrypted protocols
-for communications. Removing the <tt>talk-server</tt> package decreases the
-risk of the accidental (or intentional) activation of talk services.
+Removing the <tt>tftp-server</tt> package decreases the risk of the accidental
+(or intentional) activation of tftp services.
+<br /><br />
+If TFTP is required for operational support (such as transmission of router
+configurations), its use must be documented with the Information Systems
+Securty Manager (ISSM), restricted to only authorized personnel, and have
+access control rules established.
   </td>
 </tr>
 <tr>
   <td>BP28(R1)</td>
-  <td>Uninstall DHCP Server Package</td>
+  <td>Uninstall rsh Package</td>
   <td xml:lang="en-US">
-If the system does not need to act as a DHCP server,
-the dhcp package can be uninstalled.
 
-The <code>dhcp</code> package can be removed with the following command:
-<pre>
-$ sudo yum erase dhcp</pre>
+The <tt>rsh</tt> package contains the client commands
+
+for the rsh services
   </td>
   <td xml:lang="en-US">
-Removing the DHCP server ensures that it cannot be easily or
-accidentally reactivated and disrupt network operation.
+These legacy clients contain numerous security exposures and have
+been replaced with the more secure SSH package. Even if the server is removed,
+it is best to ensure the clients are also removed to prevent users from
+inadvertently attempting to use these commands and therefore exposing
+
+their credentials. Note that removing the <tt>rsh</tt> package removes
+
+the clients for <tt>rsh</tt>,<tt>rcp</tt>, and <tt>rlogin</tt>.
   </td>
 </tr>
 <tr>
@@ -204,18 +209,18 @@
 </tr>
 <tr>
   <td>BP28(R1)</td>
-  <td>Uninstall tftp-server Package</td>
+  <td>Uninstall DHCP Server Package</td>
/usr/share/doc/scap-security-guide/tables/table-ol8-cuirefs.html differs (HTML document, ASCII text, with very long lines)
--- old//usr/share/doc/scap-security-guide/tables/table-ol8-cuirefs.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/tables/table-ol8-cuirefs.html	2022-07-15 00:00:00.000000000 +0000
@@ -43,14 +43,15 @@
 </thead>
 <tr>
   <td>3.1.1<br/>3.4.5</td>
-  <td>Require Authentication for Emergency Systemd Target</td>
+  <td>Require Authentication for Single User Mode</td>
   <td xml:lang="en-US">
-Emergency mode is intended as a system recovery
-method, providing a single user root access to the system
-during a failed boot sequence.
+Single-user mode is intended as a system recovery
+method, providing a single user root access to the system by
+providing a boot option at startup. By default, no authentication
+is performed if single-user mode is selected.
 <br /><br />
-By default, Emergency mode is protected by requiring a password and is set
-in <tt>/usr/lib/systemd/system/emergency.service</tt>.
+By default, single-user mode is protected by requiring a password and is set
+in <tt>/usr/lib/systemd/system/rescue.service</tt>.
   </td>
   <td xml:lang="en-US">
 This prevents attackers with physical access from trivially bypassing security
@@ -59,6 +60,27 @@
   </td>
 </tr>
 <tr>
+  <td>3.1.1<br/>3.1.5</td>
+  <td>Verify Only Root Has UID 0</td>
+  <td xml:lang="en-US">
+If any account other than root has a UID of 0, this misconfiguration should
+be investigated and the accounts other than root should be removed or have
+their UID changed.
+<br />
+If the account is associated with system commands or applications the UID
+should be changed to one greater than "0" but less than "1000."
+Otherwise assign a UID greater than "1000" that has not already been
+assigned.
+  </td>
+  <td xml:lang="en-US">
+An account has root authority if it has a UID of 0. Multiple accounts
+with a UID of 0 afford more opportunity for potential intruders to
+guess a password for a privileged account. Proper configuration of
+sudo is recommended to afford multiple system administrators
+access to root privileges in an accountable manner.
+  </td>
+</tr>
+<tr>
   <td>3.1.1</td>
   <td>Disable GDM Guest Login</td>
   <td xml:lang="en-US">
@@ -76,6 +98,31 @@
   </td>
 </tr>
 <tr>
+  <td>3.1.1<br/>3.1.5</td>
+  <td>Disable SSH Access via Empty Passwords</td>
+  <td xml:lang="en-US">
+Disallow SSH login with empty passwords.
+The default SSH configuration disables logins with empty passwords. The appropriate
+configuration is used if no value is set for <tt>PermitEmptyPasswords</tt>.
+<br />
+To explicitly disallow SSH login from accounts with empty passwords,
+add or correct the following line in
+
+
+<tt>/etc/ssh/sshd_config</tt>:
+
+<br />
+<pre>PermitEmptyPasswords no</pre>
+Any accounts with empty passwords should be disabled immediately, and PAM configuration
+should prevent users from being able to assign themselves empty passwords.
+  </td>
+  <td xml:lang="en-US">
+Configuring this setting for the SSH daemon provides additional assurance
+that remote login via SSH will require a password, even in the event of
+misconfiguration elsewhere.
+  </td>
+</tr>
+<tr>
   <td>3.1.1<br/>3.1.6</td>
   <td>Direct root Logins Not Allowed</td>
   <td xml:lang="en-US">
@@ -103,17 +150,21 @@
 </tr>
 <tr>
   <td>3.1.1<br/>3.1.5</td>
-  <td>Restrict Serial Port Root Logins</td>
+  <td>Prevent Login to Accounts With Empty Password</td>
   <td xml:lang="en-US">
-To restrict root logins on serial ports,
-ensure lines of this form do not appear in <tt>/etc/securetty</tt>:
-<pre>ttyS0
-ttyS1</pre>
+If an account is configured for password authentication
+but does not have an assigned password, it may be possible to log
+into the account without authentication. Remove any instances of the
+<tt>nullok</tt> in
+
+<tt>/etc/pam.d/system-auth</tt>
+
+to prevent logins with empty passwords.
   </td>
   <td xml:lang="en-US">
-Preventing direct root login to serial port interfaces
-helps ensure accountability for actions taken on the systems
-using the root account.
+If an account has an empty password, anyone could log in and
+run commands with the privileges of that account. Accounts with
+empty passwords should never be used in operational environments.
   </td>
 </tr>
 <tr>
@@ -134,41 +185,20 @@
   </td>
 </tr>
 <tr>
-  <td>3.1.1<br/>3.1.5</td>
-  <td>Restrict Virtual Console Root Logins</td>
-  <td xml:lang="en-US">
-To restrict root logins through the (deprecated) virtual console devices,
-ensure lines of this form do not appear in <tt>/etc/securetty</tt>:
-<pre>vc/1
-vc/2
-vc/3
-vc/4</pre>
-  </td>
-  <td xml:lang="en-US">
-Preventing direct root login to virtual console devices
-helps ensure accountability for actions taken on the system
-using the root account.
-  </td>
-</tr>
-<tr>
-  <td>3.1.1<br/>3.1.5</td>
-  <td>Verify Only Root Has UID 0</td>
+  <td>3.1.1<br/>3.4.5</td>
+  <td>Require Authentication for Emergency Systemd Target</td>
   <td xml:lang="en-US">
-If any account other than root has a UID of 0, this misconfiguration should
-be investigated and the accounts other than root should be removed or have
-their UID changed.
-<br />
-If the account is associated with system commands or applications the UID
-should be changed to one greater than "0" but less than "1000."
-Otherwise assign a UID greater than "1000" that has not already been
-assigned.
+Emergency mode is intended as a system recovery
+method, providing a single user root access to the system
+during a failed boot sequence.
+<br /><br />
+By default, Emergency mode is protected by requiring a password and is set
+in <tt>/usr/lib/systemd/system/emergency.service</tt>.
   </td>
   <td xml:lang="en-US">
-An account has root authority if it has a UID of 0. Multiple accounts
-with a UID of 0 afford more opportunity for potential intruders to
-guess a password for a privileged account. Proper configuration of
-sudo is recommended to afford multiple system administrators
-access to root privileges in an accountable manner.
+This prevents attackers with physical access from trivially bypassing security
+on the machine and gaining root access. Such accesses are further prevented
+by configuring the bootloader password.
   </td>
 </tr>
 <tr>
@@ -193,65 +223,64 @@
   </td>
 </tr>
 <tr>
-  <td>3.1.1<br/>3.4.5</td>
-  <td>Require Authentication for Single User Mode</td>
+  <td>3.1.1<br/>3.1.5</td>
+  <td>Restrict Virtual Console Root Logins</td>
   <td xml:lang="en-US">
-Single-user mode is intended as a system recovery
-method, providing a single user root access to the system by
-providing a boot option at startup. By default, no authentication
-is performed if single-user mode is selected.
-<br /><br />
-By default, single-user mode is protected by requiring a password and is set
-in <tt>/usr/lib/systemd/system/rescue.service</tt>.
+To restrict root logins through the (deprecated) virtual console devices,
+ensure lines of this form do not appear in <tt>/etc/securetty</tt>:
+<pre>vc/1
+vc/2
+vc/3
+vc/4</pre>
   </td>
   <td xml:lang="en-US">
-This prevents attackers with physical access from trivially bypassing security
-on the machine and gaining root access. Such accesses are further prevented
-by configuring the bootloader password.
+Preventing direct root login to virtual console devices
+helps ensure accountability for actions taken on the system
+using the root account.
   </td>
 </tr>
 <tr>
/usr/share/doc/scap-security-guide/tables/table-ol8-nistrefs.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/tables/table-ol8-nistrefs.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/tables/table-ol8-nistrefs.html	2022-07-15 00:00:00.000000000 +0000
@@ -42,38 +42,16 @@
   <td>Rationale</td>
 </thead>
 <tr>
-  <td>AU-2(d)<br/>AU-12(c)<br/>CM-6(a)</td>
-  <td>Ensure auditd Collects File Deletion Events by User - rename</td>
-  <td xml:lang="en-US">
-At a minimum, the audit system should collect file deletion events
-for all users and root. If the <tt>auditd</tt> daemon is configured to use the
-<tt>augenrules</tt> program to read audit rules during daemon startup (the
-default), add the following line to a file with suffix <tt>.rules</tt> in the
-directory <tt>/etc/audit/rules.d</tt>, setting ARCH to either b32 or b64 as
-appropriate for your system:
-<pre>-a always,exit -F arch=ARCH -S rename -F auid&gt;=1000 -F auid!=unset -F key=delete</pre>
-If the <tt>auditd</tt> daemon is configured to use the <tt>auditctl</tt>
-utility to read audit rules during daemon startup, add the following line to
-<tt>/etc/audit/audit.rules</tt> file, setting ARCH to either b32 or b64 as
-appropriate for your system:
-<pre>-a always,exit -F arch=ARCH -S rename -F auid&gt;=1000 -F auid!=unset -F key=delete</pre>
-  </td>
-  <td xml:lang="en-US">
-Auditing file deletions will create an audit trail for files that are removed
-from the system. The audit trail could aid in system troubleshooting, as well as, detecting
-malicious processes that attempt to delete log files to conceal their presence.
-  </td>
-</tr>
-<tr>
   <td>IA-2<br/>AC-3<br/>CM-6(a)</td>
-  <td>Require Authentication for Emergency Systemd Target</td>
+  <td>Require Authentication for Single User Mode</td>
   <td xml:lang="en-US">
-Emergency mode is intended as a system recovery
-method, providing a single user root access to the system
-during a failed boot sequence.
+Single-user mode is intended as a system recovery
+method, providing a single user root access to the system by
+providing a boot option at startup. By default, no authentication
+is performed if single-user mode is selected.
 <br /><br />
-By default, Emergency mode is protected by requiring a password and is set
-in <tt>/usr/lib/systemd/system/emergency.service</tt>.
+By default, single-user mode is protected by requiring a password and is set
+in <tt>/usr/lib/systemd/system/rescue.service</tt>.
   </td>
   <td xml:lang="en-US">
 This prevents attackers with physical access from trivially bypassing security
@@ -82,142 +60,110 @@
   </td>
 </tr>
 <tr>
-  <td>AU-2(d)<br/>AU-12(c)<br/>AC-6(9)<br/>CM-6(a)</td>
-  <td>Record Access Events to Audit Log Directory</td>
+  <td>IA-2<br/>AC-6(5)<br/>IA-4(b)</td>
+  <td>Verify Only Root Has UID 0</td>
   <td xml:lang="en-US">
-The audit system should collect access events to read audit log directory.
-The following audit rule will assure that access to audit log directory are
-collected.
-<pre>-a always,exit -F dir=/var/log/audit/ -F perm=r -F auid>=1000 -F auid!=unset -F key=access-audit-trail</pre>
-If the <tt>auditd</tt> daemon is configured to use the <tt>augenrules</tt>
-program to read audit rules during daemon startup (the default), add the
-rule to a file with suffix <tt>.rules</tt> in the directory
-<tt>/etc/audit/rules.d</tt>.
-If the <tt>auditd</tt> daemon is configured to use the <tt>auditctl</tt>
-utility to read audit rules during daemon startup, add the rule to
-<tt>/etc/audit/audit.rules</tt> file.
+If any account other than root has a UID of 0, this misconfiguration should
+be investigated and the accounts other than root should be removed or have
+their UID changed.
+<br />
+If the account is associated with system commands or applications the UID
+should be changed to one greater than "0" but less than "1000."
+Otherwise assign a UID greater than "1000" that has not already been
+assigned.
   </td>
   <td xml:lang="en-US">
-Attempts to read the logs should be recorded, suspicious access to audit log files could be an indicator of malicious activity on a system.
-Auditing these events could serve as evidence of potential system compromise.'
+An account has root authority if it has a UID of 0. Multiple accounts
+with a UID of 0 afford more opportunity for potential intruders to
+guess a password for a privileged account. Proper configuration of
+sudo is recommended to afford multiple system administrators
+access to root privileges in an accountable manner.
   </td>
 </tr>
 <tr>
-  <td>AU-2(d)<br/>AU-12(c)<br/>CM-6(a)</td>
-  <td>Record Events that Modify the System's Mandatory Access Controls</td>
+  <td>AU-2(d)<br/>AU-12(c)<br/>AC-6(9)<br/>CM-6(a)</td>
+  <td>Ensure auditd Collects Information on Kernel Module Unloading - delete_module</td>
   <td xml:lang="en-US">
-If the <tt>auditd</tt> daemon is configured to use the
-<tt>augenrules</tt> program to read audit rules during daemon startup (the
-default), add the following line to a file with suffix <tt>.rules</tt> in the
-directory <tt>/etc/audit/rules.d</tt>:
-<pre>-w /etc/selinux/ -p wa -k MAC-policy</pre>
-If the <tt>auditd</tt> daemon is configured to use the <tt>auditctl</tt>
-utility to read audit rules during daemon startup, add the following line to
-<tt>/etc/audit/audit.rules</tt> file:
-<pre>-w /etc/selinux/ -p wa -k MAC-policy</pre>
+To capture kernel module unloading events, use following line, setting ARCH to
+either b32 for 32-bit system, or having two lines for both b32 and b64 in case your system is 64-bit:
+
+<pre>-a always,exit -F arch=<i>ARCH</i> -S delete_module -F auid>=1000 -F auid!=unset -F key=modules</pre>
+
+
+Place to add the line depends on a way <tt>auditd</tt> daemon is configured. If it is configured
+to use the <tt>augenrules</tt> program (the default), add the line to a file with suffix
+<tt>.rules</tt> in the directory <tt>/etc/audit/rules.d</tt>.
+
+If the <tt>auditd</tt> daemon is configured to use the <tt>auditctl</tt> utility,
+add the line to file <tt>/etc/audit/audit.rules</tt>.
   </td>
   <td xml:lang="en-US">
-The system's mandatory access policy (SELinux) should not be
-arbitrarily changed by anything other than administrator action. All changes to
-MAC policy should be audited.
+The removal of kernel modules can be used to alter the behavior of
+the kernel and potentially introduce malicious code into kernel space. It is important
+to have an audit trail of modules that have been introduced into the kernel.
   </td>
 </tr>
 <tr>
   <td>AU-2(d)<br/>AU-12(c)<br/>CM-6(a)</td>
-  <td>Record Unsuccessful Access Attempts to Files - creat</td>
+  <td>Record Events that Modify the System's Discretionary Access Controls - fchownat</td>
   <td xml:lang="en-US">
-At a minimum, the audit system should collect unauthorized file
-accesses for all users and root. If the <tt>auditd</tt> daemon is configured
+At a minimum, the audit system should collect file permission
+changes for all users and root. If the <tt>auditd</tt> daemon is configured
 to use the <tt>augenrules</tt> program to read audit rules during daemon
-startup (the default), add the following lines to a file with suffix
+startup (the default), add the following line to a file with suffix
 <tt>.rules</tt> in the directory <tt>/etc/audit/rules.d</tt>:
-<pre>-a always,exit -F arch=b32 -S creat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
--a always,exit -F arch=b32 -S creat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre>
-If the system is 64 bit then also add the following lines:
-<pre>
--a always,exit -F arch=b64 -S creat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
--a always,exit -F arch=b64 -S creat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre>
+<pre>-a always,exit -F arch=b32 -S fchownat -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
+If the system is 64 bit then also add the following line:
+<pre>-a always,exit -F arch=b64 -S fchownat -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
 If the <tt>auditd</tt> daemon is configured to use the <tt>auditctl</tt>
-utility to read audit rules during daemon startup, add the following lines to
+utility to read audit rules during daemon startup, add the following line to
 <tt>/etc/audit/audit.rules</tt> file:
-<pre>-a always,exit -F arch=b32 -S creat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
--a always,exit -F arch=b32 -S creat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre>
-If the system is 64 bit then also add the following lines:
-<pre>
--a always,exit -F arch=b64 -S creat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
--a always,exit -F arch=b64 -S creat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre>
-  </td>
-  <td xml:lang="en-US">
-Unsuccessful attempts to access files could be an indicator of malicious activity on a system. Auditing
-these events could serve as evidence of potential system compromise.
-  </td>
-</tr>
-<tr>
-  <td>AU-2(d)<br/>AU-12(c)<br/>AC-6(9)<br/>CM-6(a)</td>
-  <td>Record Attempts to Alter Logon and Logout Events - lastlog</td>
-  <td xml:lang="en-US">
-The audit system already collects login information for all users
-and root. If the <tt>auditd</tt> daemon is configured to use the
-<tt>augenrules</tt> program to read audit rules during daemon startup (the
-default), add the following lines to a file with suffix <tt>.rules</tt> in the
-directory <tt>/etc/audit/rules.d</tt> in order to watch for attempted manual
-edits of files involved in storing logon events:
-<pre>-w /var/log/lastlog -p wa -k logins</pre>
-If the <tt>auditd</tt> daemon is configured to use the <tt>auditctl</tt>
-utility to read audit rules during daemon startup, add the following lines to
-<tt>/etc/audit/audit.rules</tt> file in order to watch for unattempted manual
-edits of files involved in storing logon events:
-<pre>-w /var/log/lastlog -p wa -k logins</pre>
+<pre>-a always,exit -F arch=b32 -S fchownat -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
+If the system is 64 bit then also add the following line:
+<pre>-a always,exit -F arch=b64 -S fchownat -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
   </td>
   <td xml:lang="en-US">
-Manual editing of these files may indicate nefarious activity, such
-as an attacker attempting to remove evidence of an intrusion.
+The changing of file permissions could indicate that a user is attempting to
+gain access to information that would otherwise be disallowed. Auditing DAC modifications
+can facilitate the identification of patterns of abuse among both authorized and
+unauthorized users.
   </td>
 </tr>
 <tr>
   <td>AU-2(d)<br/>AU-12(c)<br/>AC-6(9)<br/>CM-6(a)</td>
-  <td>Record Attempts to Alter Time Through clock_settime</td>
+  <td>Record Access Events to Audit Log Directory</td>
   <td xml:lang="en-US">
-If the <tt>auditd</tt> daemon is configured to use the
-<tt>augenrules</tt> program to read audit rules during daemon startup (the
-default), add the following line to a file with suffix <tt>.rules</tt> in the
-directory <tt>/etc/audit/rules.d</tt>:
/usr/share/doc/scap-security-guide/tables/table-ol8-pcidssrefs.html differs (HTML document, ASCII text)
--- old//usr/share/doc/scap-security-guide/tables/table-ol8-pcidssrefs.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/tables/table-ol8-pcidssrefs.html	2022-07-15 00:00:00.000000000 +0000
@@ -76,6 +76,29 @@
 </tr>
 <tr>
   <td>Req-6.2</td>
+  <td>Ensure Software Patches Installed</td>
+  <td xml:lang="en-US">
+
+If the system is joined to the ULN
+or a yum server, run the following command to install updates:
+<pre>$ sudo yum update</pre>
+If the system is not configured to use one of these sources, updates (in the form of RPM packages)
+can be manually downloaded from the ULN and installed using <tt>rpm</tt>.
+
+<br /><br />
+NOTE: U.S. Defense systems are required to be patched within 30 days or sooner as local policy
+dictates.
+  </td>
+  <td xml:lang="en-US">
+Installing software updates is a fundamental mitigation against
+the exploitation of publicly-known vulnerabilities. If the most
+recent security patches and updates are not installed, unauthorized
+users may take advantage of weaknesses in the unpatched software. The
+lack of prompt attention to patching could result in a system compromise.
+  </td>
+</tr>
+<tr>
+  <td>Req-6.2</td>
   <td>Ensure gpgcheck Enabled In Main yum Configuration</td>
   <td xml:lang="en-US">
 The <tt>gpgcheck</tt> option controls whether
@@ -104,29 +127,6 @@
 </tr>
 <tr>
   <td>Req-6.2</td>
-  <td>Ensure Software Patches Installed</td>
-  <td xml:lang="en-US">
-
-If the system is joined to the ULN
-or a yum server, run the following command to install updates:
-<pre>$ sudo yum update</pre>
-If the system is not configured to use one of these sources, updates (in the form of RPM packages)
-can be manually downloaded from the ULN and installed using <tt>rpm</tt>.
-
-<br /><br />
-NOTE: U.S. Defense systems are required to be patched within 30 days or sooner as local policy
-dictates.
-  </td>
-  <td xml:lang="en-US">
-Installing software updates is a fundamental mitigation against
-the exploitation of publicly-known vulnerabilities. If the most
-recent security patches and updates are not installed, unauthorized
-users may take advantage of weaknesses in the unpatched software. The
-lack of prompt attention to patching could result in a system compromise.
-  </td>
-</tr>
-<tr>
-  <td>Req-6.2</td>
   <td>Ensure Oracle Linux GPG Key Installed</td>
   <td xml:lang="en-US">
 To ensure the system can cryptographically verify base software
@@ -155,64 +155,64 @@
 </tr>
 <tr>
   <td>Req-7.1</td>
-  <td>Verify the UEFI Boot Loader grub.cfg User Ownership</td>
+  <td>Verify /boot/grub2/grub.cfg Group Ownership</td>
   <td xml:lang="en-US">
-The file <tt>/boot/efi/EFI/redhat/grub.cfg</tt> should
-be owned by the <tt>root</tt> user to prevent destruction
-or modification of the file.
+The file <tt>/boot/grub2/grub.cfg</tt> should
+be group-owned by the <tt>root</tt> group to prevent
+destruction or modification of the file.
 
-To properly set the owner of <code>/boot/efi/EFI/redhat/grub.cfg</code>, run the command:
-<pre>$ sudo chown root /boot/efi/EFI/redhat/grub.cfg </pre>
+To properly set the group owner of <code>/boot/grub2/grub.cfg</code>, run the command:
+<pre>$ sudo chgrp root /boot/grub2/grub.cfg</pre>
   </td>
   <td xml:lang="en-US">
-Only root should be able to modify important boot parameters.
+The <tt>root</tt> group is a highly-privileged group. Furthermore, the group-owner of this
+file should not have any access privileges anyway.
   </td>
 </tr>
 <tr>
   <td>Req-7.1</td>
-  <td>Verify /boot/grub2/grub.cfg User Ownership</td>
+  <td>Verify the UEFI Boot Loader grub.cfg Group Ownership</td>
   <td xml:lang="en-US">
-The file <tt>/boot/grub2/grub.cfg</tt> should
-be owned by the <tt>root</tt> user to prevent destruction
-or modification of the file.
+The file <tt>/boot/efi/EFI/redhat/grub.cfg</tt> should
+be group-owned by the <tt>root</tt> group to prevent
+destruction or modification of the file.
 
-To properly set the owner of <code>/boot/grub2/grub.cfg</code>, run the command:
-<pre>$ sudo chown root /boot/grub2/grub.cfg </pre>
+To properly set the group owner of <code>/boot/efi/EFI/redhat/grub.cfg</code>, run the command:
+<pre>$ sudo chgrp root /boot/efi/EFI/redhat/grub.cfg</pre>
   </td>
   <td xml:lang="en-US">
-Only root should be able to modify important boot parameters.
+The <tt>root</tt> group is a highly-privileged group. Furthermore, the group-owner of this
+file should not have any access privileges anyway.
   </td>
 </tr>
 <tr>
   <td>Req-7.1</td>
-  <td>Verify /boot/grub2/grub.cfg Group Ownership</td>
+  <td>Verify /boot/grub2/grub.cfg User Ownership</td>
   <td xml:lang="en-US">
 The file <tt>/boot/grub2/grub.cfg</tt> should
-be group-owned by the <tt>root</tt> group to prevent
-destruction or modification of the file.
+be owned by the <tt>root</tt> user to prevent destruction
+or modification of the file.
 
-To properly set the group owner of <code>/boot/grub2/grub.cfg</code>, run the command:
-<pre>$ sudo chgrp root /boot/grub2/grub.cfg</pre>
+To properly set the owner of <code>/boot/grub2/grub.cfg</code>, run the command:
+<pre>$ sudo chown root /boot/grub2/grub.cfg </pre>
   </td>
   <td xml:lang="en-US">
-The <tt>root</tt> group is a highly-privileged group. Furthermore, the group-owner of this
-file should not have any access privileges anyway.
+Only root should be able to modify important boot parameters.
   </td>
 </tr>
 <tr>
   <td>Req-7.1</td>
-  <td>Verify the UEFI Boot Loader grub.cfg Group Ownership</td>
+  <td>Verify the UEFI Boot Loader grub.cfg User Ownership</td>
   <td xml:lang="en-US">
 The file <tt>/boot/efi/EFI/redhat/grub.cfg</tt> should
-be group-owned by the <tt>root</tt> group to prevent
-destruction or modification of the file.
+be owned by the <tt>root</tt> user to prevent destruction
+or modification of the file.
 
-To properly set the group owner of <code>/boot/efi/EFI/redhat/grub.cfg</code>, run the command:
-<pre>$ sudo chgrp root /boot/efi/EFI/redhat/grub.cfg</pre>
+To properly set the owner of <code>/boot/efi/EFI/redhat/grub.cfg</code>, run the command:
+<pre>$ sudo chown root /boot/efi/EFI/redhat/grub.cfg </pre>
   </td>
   <td xml:lang="en-US">
-The <tt>root</tt> group is a highly-privileged group. Furthermore, the group-owner of this
-file should not have any access privileges anyway.
+Only root should be able to modify important boot parameters.
   </td>
 </tr>
 <tr>
@@ -289,24 +289,42 @@
 </tr>
 <tr>
   <td>Req-8.1.8</td>
-  <td>Set SSH Client Alive Count Max</td>
+  <td>Ensure Users Cannot Change GNOME3 Screensaver Idle Activation</td>
   <td xml:lang="en-US">
-The SSH server sends at most <tt>ClientAliveCountMax</tt> messages
-during a SSH session and waits for a response from the SSH client.
-The option <tt>ClientAliveInterval</tt> configures timeout after
-each <tt>ClientAliveCountMax</tt> message. If the SSH server does not
-receive a response from the client, then the connection is considered idle
-and terminated.
-For SSH earlier than v8.2, a <tt>ClientAliveCountMax</tt> value of <tt>0</tt>
-causes an idle timeout precisely when the <tt>ClientAliveInterval</tt> is set.
-Starting with v8.2, a value of <tt>0</tt> disables the timeout functionality
-completely. If the option is set to a number greater than <tt>0</tt>, then
-the idle session will be disconnected after
-<tt>ClientAliveInterval * ClientAliveCountMax</tt> seconds.
+If not already configured, ensure that users cannot change GNOME3 screensaver lock settings
+by adding <pre>/org/gnome/desktop/screensaver/idle-activation-enabled</pre>
+to <tt>/etc/dconf/db/local.d/00-security-settings</tt>.
+For example:
+<pre>/org/gnome/desktop/screensaver/idle-activation-enabled</pre>
+After the settings have been set, run <tt>dconf update</tt>.
   </td>
   <td xml:lang="en-US">
-This ensures a user login will be terminated as soon as the <tt>ClientAliveInterval</tt>
-is reached.
+A session lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity
+of the information system but does not want to logout because of the temporary nature of the absense.
+  </td>
+</tr>
+<tr>
+  <td>Req-8.1.8</td>
+  <td>Implement Blank Screensaver</td>
+  <td xml:lang="en-US">
+
+
+
+To set the screensaver mode in the GNOME3 desktop to a blank screen,
+add or set <tt>picture-uri</tt> to <tt>string ''</tt> in
+<tt>/etc/dconf/db/local.d/00-security-settings</tt>. For example:
+<pre>[org/gnome/desktop/screensaver]
+picture-uri=''
/usr/share/doc/scap-security-guide/tables/table-rhcos4-nistrefs.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/tables/table-rhcos4-nistrefs.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/tables/table-rhcos4-nistrefs.html	2022-07-15 00:00:00.000000000 +0000
@@ -42,165 +42,128 @@
   <td>Rationale</td>
 </thead>
 <tr>
-  <td>AU-2(d)<br/>AU-12(c)<br/>CM-6(a)</td>
-  <td>Ensure auditd Collects File Deletion Events by User - rename</td>
+  <td>IA-2<br/>AC-3<br/>CM-6(a)</td>
+  <td>Require Authentication for Single User Mode</td>
   <td xml:lang="en-US">
-At a minimum, the audit system should collect file deletion events
-for all users and root. If the <tt>auditd</tt> daemon is configured to use the
-<tt>augenrules</tt> program to read audit rules during daemon startup (the
-default), add the following line to a file with suffix <tt>.rules</tt> in the
-directory <tt>/etc/audit/rules.d</tt>, setting ARCH to either b32 or b64 as
-appropriate for your system:
-<pre>-a always,exit -F arch=ARCH -S rename -F auid&gt;=1000 -F auid!=unset -F key=delete</pre>
-If the <tt>auditd</tt> daemon is configured to use the <tt>auditctl</tt>
-utility to read audit rules during daemon startup, add the following line to
-<tt>/etc/audit/audit.rules</tt> file, setting ARCH to either b32 or b64 as
-appropriate for your system:
-<pre>-a always,exit -F arch=ARCH -S rename -F auid&gt;=1000 -F auid!=unset -F key=delete</pre>
+Single-user mode is intended as a system recovery
+method, providing a single user root access to the system by
+providing a boot option at startup. By default, no authentication
+is performed if single-user mode is selected.
+<br /><br />
+By default, single-user mode is protected by requiring a password and is set
+in <tt>/usr/lib/systemd/system/rescue.service</tt>.
   </td>
   <td xml:lang="en-US">
-Auditing file deletions will create an audit trail for files that are removed
-from the system. The audit trail could aid in system troubleshooting, as well as, detecting
-malicious processes that attempt to delete log files to conceal their presence.
+This prevents attackers with physical access from trivially bypassing security
+on the machine and gaining root access. Such accesses are further prevented
+by configuring the bootloader password.
   </td>
 </tr>
 <tr>
-  <td>AU-2(d)<br/>AU-12(c)<br/>AC-6(9)<br/>CM-6(a)</td>
-  <td>Record Access Events to Audit Log Directory</td>
+  <td>IA-2<br/>AC-6(5)<br/>IA-4(b)</td>
+  <td>Verify Only Root Has UID 0</td>
   <td xml:lang="en-US">
-The audit system should collect access events to read audit log directory.
-The following audit rule will assure that access to audit log directory are
-collected.
-<pre>-a always,exit -F dir=/var/log/audit/ -F perm=r -F auid>=1000 -F auid!=unset -F key=access-audit-trail</pre>
-If the <tt>auditd</tt> daemon is configured to use the <tt>augenrules</tt>
-program to read audit rules during daemon startup (the default), add the
-rule to a file with suffix <tt>.rules</tt> in the directory
-<tt>/etc/audit/rules.d</tt>.
-If the <tt>auditd</tt> daemon is configured to use the <tt>auditctl</tt>
-utility to read audit rules during daemon startup, add the rule to
-<tt>/etc/audit/audit.rules</tt> file.
+If any account other than root has a UID of 0, this misconfiguration should
+be investigated and the accounts other than root should be removed or have
+their UID changed.
+<br />
+If the account is associated with system commands or applications the UID
+should be changed to one greater than "0" but less than "1000."
+Otherwise assign a UID greater than "1000" that has not already been
+assigned.
   </td>
   <td xml:lang="en-US">
-Attempts to read the logs should be recorded, suspicious access to audit log files could be an indicator of malicious activity on a system.
-Auditing these events could serve as evidence of potential system compromise.'
+An account has root authority if it has a UID of 0. Multiple accounts
+with a UID of 0 afford more opportunity for potential intruders to
+guess a password for a privileged account. Proper configuration of
+sudo is recommended to afford multiple system administrators
+access to root privileges in an accountable manner.
   </td>
 </tr>
 <tr>
-  <td>AU-2(d)<br/>AU-12(c)<br/>CM-6(a)</td>
-  <td>Record Events that Modify the System's Mandatory Access Controls</td>
+  <td>AU-2(d)<br/>AU-12(c)<br/>AC-6(9)<br/>CM-6(a)</td>
+  <td>Ensure auditd Collects Information on Kernel Module Unloading - delete_module</td>
   <td xml:lang="en-US">
-If the <tt>auditd</tt> daemon is configured to use the
-<tt>augenrules</tt> program to read audit rules during daemon startup (the
-default), add the following line to a file with suffix <tt>.rules</tt> in the
-directory <tt>/etc/audit/rules.d</tt>:
-<pre>-w /etc/selinux/ -p wa -k MAC-policy</pre>
-If the <tt>auditd</tt> daemon is configured to use the <tt>auditctl</tt>
-utility to read audit rules during daemon startup, add the following line to
-<tt>/etc/audit/audit.rules</tt> file:
-<pre>-w /etc/selinux/ -p wa -k MAC-policy</pre>
+To capture kernel module unloading events, use following line, setting ARCH to
+either b32 for 32-bit system, or having two lines for both b32 and b64 in case your system is 64-bit:
+
+<pre>-a always,exit -F arch=<i>ARCH</i> -S delete_module -F key=modules</pre>
+
+
+Place to add the line depends on a way <tt>auditd</tt> daemon is configured. If it is configured
+to use the <tt>augenrules</tt> program (the default), add the line to a file with suffix
+<tt>.rules</tt> in the directory <tt>/etc/audit/rules.d</tt>.
+
+If the <tt>auditd</tt> daemon is configured to use the <tt>auditctl</tt> utility,
+add the line to file <tt>/etc/audit/audit.rules</tt>.
   </td>
   <td xml:lang="en-US">
-The system's mandatory access policy (SELinux) should not be
-arbitrarily changed by anything other than administrator action. All changes to
-MAC policy should be audited.
+The removal of kernel modules can be used to alter the behavior of
+the kernel and potentially introduce malicious code into kernel space. It is important
+to have an audit trail of modules that have been introduced into the kernel.
   </td>
 </tr>
 <tr>
   <td>AU-2(d)<br/>AU-12(c)<br/>CM-6(a)</td>
-  <td>Record Unsuccessful Access Attempts to Files - creat</td>
+  <td>Record Events that Modify the System's Discretionary Access Controls - fchownat</td>
   <td xml:lang="en-US">
-At a minimum, the audit system should collect unauthorized file
-accesses for all users and root. If the <tt>auditd</tt> daemon is configured
+At a minimum, the audit system should collect file permission
+changes for all users and root. If the <tt>auditd</tt> daemon is configured
 to use the <tt>augenrules</tt> program to read audit rules during daemon
-startup (the default), add the following lines to a file with suffix
+startup (the default), add the following line to a file with suffix
 <tt>.rules</tt> in the directory <tt>/etc/audit/rules.d</tt>:
-<pre>-a always,exit -F arch=b32 -S creat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
--a always,exit -F arch=b32 -S creat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre>
-If the system is 64 bit then also add the following lines:
-<pre>
--a always,exit -F arch=b64 -S creat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
--a always,exit -F arch=b64 -S creat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre>
+<pre>-a always,exit -F arch=b32 -S fchownat -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
+If the system is 64 bit then also add the following line:
+<pre>-a always,exit -F arch=b64 -S fchownat -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
 If the <tt>auditd</tt> daemon is configured to use the <tt>auditctl</tt>
-utility to read audit rules during daemon startup, add the following lines to
+utility to read audit rules during daemon startup, add the following line to
 <tt>/etc/audit/audit.rules</tt> file:
-<pre>-a always,exit -F arch=b32 -S creat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
--a always,exit -F arch=b32 -S creat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre>
-If the system is 64 bit then also add the following lines:
-<pre>
--a always,exit -F arch=b64 -S creat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
--a always,exit -F arch=b64 -S creat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre>
-  </td>
-  <td xml:lang="en-US">
-Unsuccessful attempts to access files could be an indicator of malicious activity on a system. Auditing
-these events could serve as evidence of potential system compromise.
-  </td>
-</tr>
-<tr>
-  <td>AU-2(d)<br/>AU-12(c)<br/>AC-6(9)<br/>CM-6(a)</td>
-  <td>Record Attempts to Alter Logon and Logout Events - lastlog</td>
-  <td xml:lang="en-US">
-The audit system already collects login information for all users
-and root. If the <tt>auditd</tt> daemon is configured to use the
-<tt>augenrules</tt> program to read audit rules during daemon startup (the
-default), add the following lines to a file with suffix <tt>.rules</tt> in the
-directory <tt>/etc/audit/rules.d</tt> in order to watch for attempted manual
-edits of files involved in storing logon events:
-<pre>-w /var/log/lastlog -p wa -k logins</pre>
-If the <tt>auditd</tt> daemon is configured to use the <tt>auditctl</tt>
-utility to read audit rules during daemon startup, add the following lines to
-<tt>/etc/audit/audit.rules</tt> file in order to watch for unattempted manual
-edits of files involved in storing logon events:
-<pre>-w /var/log/lastlog -p wa -k logins</pre>
+<pre>-a always,exit -F arch=b32 -S fchownat -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
+If the system is 64 bit then also add the following line:
+<pre>-a always,exit -F arch=b64 -S fchownat -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
   </td>
   <td xml:lang="en-US">
-Manual editing of these files may indicate nefarious activity, such
-as an attacker attempting to remove evidence of an intrusion.
+The changing of file permissions could indicate that a user is attempting to
+gain access to information that would otherwise be disallowed. Auditing DAC modifications
+can facilitate the identification of patterns of abuse among both authorized and
+unauthorized users.
   </td>
 </tr>
 <tr>
   <td>AU-2(d)<br/>AU-12(c)<br/>AC-6(9)<br/>CM-6(a)</td>
-  <td>Record Attempts to Alter Time Through clock_settime</td>
+  <td>Record Access Events to Audit Log Directory</td>
   <td xml:lang="en-US">
-If the <tt>auditd</tt> daemon is configured to use the
-<tt>augenrules</tt> program to read audit rules during daemon startup (the
-default), add the following line to a file with suffix <tt>.rules</tt> in the
-directory <tt>/etc/audit/rules.d</tt>:
-<pre>-a always,exit -F arch=b32 -S clock_settime -F a0=0x0 -F key=time-change</pre>
-If the system is 64 bit then also add the following line:
-<pre>-a always,exit -F arch=b64 -S clock_settime -F a0=0x0 -F key=time-change</pre>
+The audit system should collect access events to read audit log directory.
+The following audit rule will assure that access to audit log directory are
+collected.
+<pre>-a always,exit -F dir=/var/log/audit/ -F perm=r -F auid>=1000 -F auid!=unset -F key=access-audit-trail</pre>
+If the <tt>auditd</tt> daemon is configured to use the <tt>augenrules</tt>
+program to read audit rules during daemon startup (the default), add the
+rule to a file with suffix <tt>.rules</tt> in the directory
+<tt>/etc/audit/rules.d</tt>.
/usr/share/doc/scap-security-guide/tables/table-rhel7-anssirefs.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/tables/table-rhel7-anssirefs.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/tables/table-rhel7-anssirefs.html	2022-07-15 00:00:00.000000000 +0000
@@ -42,35 +42,73 @@
   <td>Rationale</td>
 </thead>
 <tr>
-  <td>BP28(R1)<br/>NT007(R03)</td>
-  <td>Uninstall the telnet server</td>
+  <td>BP28(R1)</td>
+  <td>Uninstall telnet-server Package</td>
   <td xml:lang="en-US">
-The telnet daemon should be uninstalled.
+The <code>telnet-server</code> package can be removed with the following command:
+<pre>
+$ sudo yum erase telnet-server</pre>
   </td>
   <td xml:lang="en-US">
-<tt>telnet</tt> allows clear text communications, and does not protect
-any data transmission between client and server. Any confidential data
-can be listened and no integrity checking is made.'
+It is detrimental for operating systems to provide, or install by default,
+functionality exceeding requirements or mission objectives. These
+unnecessary capabilities are often overlooked and therefore may remain
+unsecure. They increase the risk to the platform by providing additional
+attack vectors.
+<br />
+The telnet service provides an unencrypted remote access service which does
+not provide for the confidentiality and integrity of user passwords or the
+remote session. If a privileged user were to login using this service, the
+privileged user password could be compromised.
+<br />
+Removing the <tt>telnet-server</tt> package decreases the risk of the
+telnet service's accidental (or intentional) activation.
   </td>
 </tr>
 <tr>
   <td>BP28(R1)</td>
-  <td>Uninstall rsh Package</td>
+  <td>Uninstall ypserv Package</td>
   <td xml:lang="en-US">
-
-The <tt>rsh</tt> package contains the client commands
-
-for the rsh services
+The <code>ypserv</code> package can be removed with the following command:
+<pre>
+$ sudo yum erase ypserv</pre>
   </td>
   <td xml:lang="en-US">
-These legacy clients contain numerous security exposures and have
-been replaced with the more secure SSH package. Even if the server is removed,
-it is best to ensure the clients are also removed to prevent users from
-inadvertently attempting to use these commands and therefore exposing
-
-their credentials. Note that removing the <tt>rsh</tt> package removes
+The NIS service provides an unencrypted authentication service which does
+not provide for the confidentiality and integrity of user passwords or the
+remote session.
 
-the clients for <tt>rsh</tt>,<tt>rcp</tt>, and <tt>rlogin</tt>.
+Removing the <tt>ypserv</tt> package decreases the risk of the accidental
+(or intentional) activation of NIS or NIS+ services.
+  </td>
+</tr>
+<tr>
+  <td>BP28(R1)</td>
+  <td>Uninstall rsh-server Package</td>
+  <td xml:lang="en-US">
+The <code>rsh-server</code> package can be removed with the following command:
+<pre>
+$ sudo yum erase rsh-server</pre>
+  </td>
+  <td xml:lang="en-US">
+The <tt>rsh-server</tt> service provides unencrypted remote access service which does not
+provide for the confidentiality and integrity of user passwords or the remote session and has very weak
+authentication. If a privileged user were to login using this service, the privileged user password
+could be compromised. The <tt>rsh-server</tt> package provides several obsolete and insecure
+network services. Removing it decreases the risk of those services' accidental (or intentional)
+activation.
+  </td>
+</tr>
+<tr>
+  <td>BP28(R1)<br/>NT007(R03)</td>
+  <td>Uninstall the telnet server</td>
+  <td xml:lang="en-US">
+The telnet daemon should be uninstalled.
+  </td>
+  <td xml:lang="en-US">
+<tt>telnet</tt> allows clear text communications, and does not protect
+any data transmission between client and server. Any confidential data
+can be listened and no integrity checking is made.'
   </td>
 </tr>
 <tr>
@@ -106,47 +144,6 @@
 </tr>
 <tr>
   <td>BP28(R1)</td>
-  <td>Uninstall telnet-server Package</td>
-  <td xml:lang="en-US">
-The <code>telnet-server</code> package can be removed with the following command:
-<pre>
-$ sudo yum erase telnet-server</pre>
-  </td>
-  <td xml:lang="en-US">
-It is detrimental for operating systems to provide, or install by default,
-functionality exceeding requirements or mission objectives. These
-unnecessary capabilities are often overlooked and therefore may remain
-unsecure. They increase the risk to the platform by providing additional
-attack vectors.
-<br />
-The telnet service provides an unencrypted remote access service which does
-not provide for the confidentiality and integrity of user passwords or the
-remote session. If a privileged user were to login using this service, the
-privileged user password could be compromised.
-<br />
-Removing the <tt>telnet-server</tt> package decreases the risk of the
-telnet service's accidental (or intentional) activation.
-  </td>
-</tr>
-<tr>
-  <td>BP28(R1)</td>
-  <td>Uninstall ypserv Package</td>
-  <td xml:lang="en-US">
-The <code>ypserv</code> package can be removed with the following command:
-<pre>
-$ sudo yum erase ypserv</pre>
-  </td>
-  <td xml:lang="en-US">
-The NIS service provides an unencrypted authentication service which does
-not provide for the confidentiality and integrity of user passwords or the
-remote session.
-
-Removing the <tt>ypserv</tt> package decreases the risk of the accidental
-(or intentional) activation of NIS or NIS+ services.
-  </td>
-</tr>
-<tr>
-  <td>BP28(R1)</td>
   <td>Uninstall Sendmail Package</td>
   <td xml:lang="en-US">
 Sendmail is not the default mail transfer agent and is
@@ -163,30 +160,38 @@
 </tr>
 <tr>
   <td>BP28(R1)</td>
-  <td>Uninstall talk-server Package</td>
+  <td>Uninstall tftp-server Package</td>
   <td xml:lang="en-US">
-The <code>talk-server</code> package can be removed with the following command: <pre> $ sudo yum erase talk-server</pre>
+The <code>tftp-server</code> package can be removed with the following command: <pre> $ sudo yum erase tftp-server</pre>
   </td>
   <td xml:lang="en-US">
-The talk software presents a security risk as it uses unencrypted protocols
-for communications. Removing the <tt>talk-server</tt> package decreases the
-risk of the accidental (or intentional) activation of talk services.
+Removing the <tt>tftp-server</tt> package decreases the risk of the accidental
+(or intentional) activation of tftp services.
+<br /><br />
+If TFTP is required for operational support (such as transmission of router
+configurations), its use must be documented with the Information Systems
+Securty Manager (ISSM), restricted to only authorized personnel, and have
+access control rules established.
   </td>
 </tr>
 <tr>
   <td>BP28(R1)</td>
-  <td>Uninstall DHCP Server Package</td>
+  <td>Uninstall rsh Package</td>
   <td xml:lang="en-US">
-If the system does not need to act as a DHCP server,
-the dhcp package can be uninstalled.
 
-The <code>dhcp</code> package can be removed with the following command:
-<pre>
-$ sudo yum erase dhcp</pre>
+The <tt>rsh</tt> package contains the client commands
+
+for the rsh services
   </td>
   <td xml:lang="en-US">
-Removing the DHCP server ensures that it cannot be easily or
-accidentally reactivated and disrupt network operation.
+These legacy clients contain numerous security exposures and have
+been replaced with the more secure SSH package. Even if the server is removed,
+it is best to ensure the clients are also removed to prevent users from
+inadvertently attempting to use these commands and therefore exposing
+
+their credentials. Note that removing the <tt>rsh</tt> package removes
+
+the clients for <tt>rsh</tt>,<tt>rcp</tt>, and <tt>rlogin</tt>.
   </td>
 </tr>
 <tr>
@@ -219,18 +224,18 @@
 </tr>
 <tr>
   <td>BP28(R1)</td>
-  <td>Uninstall tftp-server Package</td>
+  <td>Uninstall DHCP Server Package</td>
/usr/share/doc/scap-security-guide/tables/table-rhel7-cisrefs.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/tables/table-rhel7-cisrefs.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/tables/table-rhel7-cisrefs.html	2022-07-15 00:00:00.000000000 +0000
@@ -63,6 +63,21 @@
 </tr>
 <tr>
   <td>1.1.1.2</td>
+  <td>Disable Mounting of freevxfs</td>
+  <td xml:lang="en-US">
+
+To configure the system to prevent the <code>freevxfs</code>
+kernel module from being loaded, add the following line to the file <code>/etc/modprobe.d/freevxfs.conf</code>:
+<pre>install freevxfs /bin/true</pre>
+This effectively prevents usage of this uncommon filesystem.
+  </td>
+  <td xml:lang="en-US">
+Linux kernel modules which implement filesystems that are not needed by the
+local system should be disabled.
+  </td>
+</tr>
+<tr>
+  <td>1.1.1.2</td>
   <td>Disable Mounting of squashfs</td>
   <td xml:lang="en-US">
 
@@ -82,21 +97,6 @@
   </td>
 </tr>
 <tr>
-  <td>1.1.1.2</td>
-  <td>Disable Mounting of freevxfs</td>
-  <td xml:lang="en-US">
-
-To configure the system to prevent the <code>freevxfs</code>
-kernel module from being loaded, add the following line to the file <code>/etc/modprobe.d/freevxfs.conf</code>:
-<pre>install freevxfs /bin/true</pre>
-This effectively prevents usage of this uncommon filesystem.
-  </td>
-  <td xml:lang="en-US">
-Linux kernel modules which implement filesystems that are not needed by the
-local system should be disabled.
-  </td>
-</tr>
-<tr>
   <td>1.1.1.3</td>
   <td>Disable Mounting of udf</td>
   <td xml:lang="en-US">
@@ -570,34 +570,6 @@
 </tr>
 <tr>
   <td>1.2.3</td>
-  <td>Ensure gpgcheck Enabled In Main yum Configuration</td>
-  <td xml:lang="en-US">
-The <tt>gpgcheck</tt> option controls whether
-RPM packages' signatures are always checked prior to installation.
-To configure yum to check package signatures before installing
-them, ensure the following line appears in <tt>/etc/yum.conf</tt> in
-the <tt>[main]</tt> section:
-<pre>gpgcheck=1</pre>
-  </td>
-  <td xml:lang="en-US">
-Changes to any software components can have significant effects on the
-overall security of the operating system. This requirement ensures the
-software has not been tampered with and that it has been provided by a
-trusted vendor.
-<br />
-Accordingly, patches, service packs, device drivers, or operating system
-components must be signed with a certificate recognized and approved by the
-organization.
-<br />Verifying the authenticity of the software prior to installation
-validates the integrity of the patch or upgrade received from a vendor.
-This ensures the software has not been tampered with and that it has been
-provided by a trusted vendor. Self-signed certificates are disallowed by
-this requirement. Certificates used to verify the software must be from an
-approved Certificate Authority (CA).
-  </td>
-</tr>
-<tr>
-  <td>1.2.3</td>
   <td>Ensure Red Hat GPG Key Installed</td>
   <td xml:lang="en-US">
 To ensure the system can cryptographically verify base software packages
@@ -626,6 +598,34 @@
   </td>
 </tr>
 <tr>
+  <td>1.2.3</td>
+  <td>Ensure gpgcheck Enabled In Main yum Configuration</td>
+  <td xml:lang="en-US">
+The <tt>gpgcheck</tt> option controls whether
+RPM packages' signatures are always checked prior to installation.
+To configure yum to check package signatures before installing
+them, ensure the following line appears in <tt>/etc/yum.conf</tt> in
+the <tt>[main]</tt> section:
+<pre>gpgcheck=1</pre>
+  </td>
+  <td xml:lang="en-US">
+Changes to any software components can have significant effects on the
+overall security of the operating system. This requirement ensures the
+software has not been tampered with and that it has been provided by a
+trusted vendor.
+<br />
+Accordingly, patches, service packs, device drivers, or operating system
+components must be signed with a certificate recognized and approved by the
+organization.
+<br />Verifying the authenticity of the software prior to installation
+validates the integrity of the patch or upgrade received from a vendor.
+This ensures the software has not been tampered with and that it has been
+provided by a trusted vendor. Self-signed certificates are disallowed by
+this requirement. Certificates used to verify the software must be from an
+approved Certificate Authority (CA).
+  </td>
+</tr>
+<tr>
   <td>1.2.5</td>
   <td>Disable Red Hat Network Service (rhnsd)</td>
   <td xml:lang="en-US">
@@ -646,18 +646,6 @@
 </tr>
 <tr>
   <td>1.3.1</td>
-  <td>Install AIDE</td>
-  <td xml:lang="en-US">
-The <code>aide</code> package can be installed with the following command:
-<pre>
-$ sudo yum install aide</pre>
-  </td>
-  <td xml:lang="en-US">
-The AIDE package must be installed if it is to be available for integrity checking.
-  </td>
-</tr>
-<tr>
-  <td>1.3.1</td>
   <td>Build and Test AIDE Database</td>
   <td xml:lang="en-US">
 Run the following command to generate a new database:
@@ -689,6 +677,18 @@
   </td>
 </tr>
 <tr>
+  <td>1.3.1</td>
+  <td>Install AIDE</td>
+  <td xml:lang="en-US">
+The <code>aide</code> package can be installed with the following command:
+<pre>
+$ sudo yum install aide</pre>
+  </td>
+  <td xml:lang="en-US">
+The AIDE package must be installed if it is to be available for integrity checking.
+  </td>
+</tr>
+<tr>
   <td>1.3.2</td>
   <td>Configure Periodic Execution of AIDE</td>
   <td xml:lang="en-US">
@@ -719,7 +719,7 @@
 </tr>
 <tr>
   <td>1.4.1</td>
-  <td>Set Boot Loader Password in grub2</td>
+  <td>Set the UEFI Boot Loader Password</td>
   <td xml:lang="en-US">
 The grub2 boot loader should have a superuser account and password
 protection enabled to protect boot-time settings.
@@ -741,7 +741,7 @@
 </tr>
 <tr>
   <td>1.4.1</td>
-  <td>Set the UEFI Boot Loader Password</td>
+  <td>Set Boot Loader Password in grub2</td>
   <td xml:lang="en-US">
 The grub2 boot loader should have a superuser account and password
 protection enabled to protect boot-time settings.
@@ -763,48 +763,32 @@
 </tr>
 <tr>
   <td>1.4.2</td>
-  <td>Verify the UEFI Boot Loader grub.cfg User Ownership</td>
-  <td xml:lang="en-US">
-The file <tt>/boot/efi/EFI/redhat/grub.cfg</tt> should
-be owned by the <tt>root</tt> user to prevent destruction
-or modification of the file.
-
-To properly set the owner of <code>/boot/efi/EFI/redhat/grub.cfg</code>, run the command:
-<pre>$ sudo chown root /boot/efi/EFI/redhat/grub.cfg </pre>
-  </td>
-  <td xml:lang="en-US">
-Only root should be able to modify important boot parameters.
-  </td>
-</tr>
-<tr>
-  <td>1.4.2</td>
-  <td>Verify /boot/grub2/grub.cfg User Ownership</td>
+  <td>Verify /boot/grub2/grub.cfg Group Ownership</td>
   <td xml:lang="en-US">
 The file <tt>/boot/grub2/grub.cfg</tt> should
-be owned by the <tt>root</tt> user to prevent destruction
-or modification of the file.
+be group-owned by the <tt>root</tt> group to prevent
+destruction or modification of the file.
 
/usr/share/doc/scap-security-guide/tables/table-rhel7-cuirefs.html differs (HTML document, ASCII text, with very long lines)
--- old//usr/share/doc/scap-security-guide/tables/table-rhel7-cuirefs.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/tables/table-rhel7-cuirefs.html	2022-07-15 00:00:00.000000000 +0000
@@ -43,14 +43,15 @@
 </thead>
 <tr>
   <td>3.1.1<br/>3.4.5</td>
-  <td>Require Authentication for Emergency Systemd Target</td>
+  <td>Require Authentication for Single User Mode</td>
   <td xml:lang="en-US">
-Emergency mode is intended as a system recovery
-method, providing a single user root access to the system
-during a failed boot sequence.
+Single-user mode is intended as a system recovery
+method, providing a single user root access to the system by
+providing a boot option at startup. By default, no authentication
+is performed if single-user mode is selected.
 <br /><br />
-By default, Emergency mode is protected by requiring a password and is set
-in <tt>/usr/lib/systemd/system/emergency.service</tt>.
+By default, single-user mode is protected by requiring a password and is set
+in <tt>/usr/lib/systemd/system/rescue.service</tt>.
   </td>
   <td xml:lang="en-US">
 This prevents attackers with physical access from trivially bypassing security
@@ -59,6 +60,27 @@
   </td>
 </tr>
 <tr>
+  <td>3.1.1<br/>3.1.5</td>
+  <td>Verify Only Root Has UID 0</td>
+  <td xml:lang="en-US">
+If any account other than root has a UID of 0, this misconfiguration should
+be investigated and the accounts other than root should be removed or have
+their UID changed.
+<br />
+If the account is associated with system commands or applications the UID
+should be changed to one greater than "0" but less than "1000."
+Otherwise assign a UID greater than "1000" that has not already been
+assigned.
+  </td>
+  <td xml:lang="en-US">
+An account has root authority if it has a UID of 0. Multiple accounts
+with a UID of 0 afford more opportunity for potential intruders to
+guess a password for a privileged account. Proper configuration of
+sudo is recommended to afford multiple system administrators
+access to root privileges in an accountable manner.
+  </td>
+</tr>
+<tr>
   <td>3.1.1</td>
   <td>Disable GDM Guest Login</td>
   <td xml:lang="en-US">
@@ -76,6 +98,31 @@
   </td>
 </tr>
 <tr>
+  <td>3.1.1<br/>3.1.5</td>
+  <td>Disable SSH Access via Empty Passwords</td>
+  <td xml:lang="en-US">
+Disallow SSH login with empty passwords.
+The default SSH configuration disables logins with empty passwords. The appropriate
+configuration is used if no value is set for <tt>PermitEmptyPasswords</tt>.
+<br />
+To explicitly disallow SSH login from accounts with empty passwords,
+add or correct the following line in
+
+
+<tt>/etc/ssh/sshd_config</tt>:
+
+<br />
+<pre>PermitEmptyPasswords no</pre>
+Any accounts with empty passwords should be disabled immediately, and PAM configuration
+should prevent users from being able to assign themselves empty passwords.
+  </td>
+  <td xml:lang="en-US">
+Configuring this setting for the SSH daemon provides additional assurance
+that remote login via SSH will require a password, even in the event of
+misconfiguration elsewhere.
+  </td>
+</tr>
+<tr>
   <td>3.1.1<br/>3.1.6</td>
   <td>Direct root Logins Not Allowed</td>
   <td xml:lang="en-US">
@@ -103,17 +150,21 @@
 </tr>
 <tr>
   <td>3.1.1<br/>3.1.5</td>
-  <td>Restrict Serial Port Root Logins</td>
+  <td>Prevent Login to Accounts With Empty Password</td>
   <td xml:lang="en-US">
-To restrict root logins on serial ports,
-ensure lines of this form do not appear in <tt>/etc/securetty</tt>:
-<pre>ttyS0
-ttyS1</pre>
+If an account is configured for password authentication
+but does not have an assigned password, it may be possible to log
+into the account without authentication. Remove any instances of the
+<tt>nullok</tt> in
+
+<tt>/etc/pam.d/system-auth</tt>
+
+to prevent logins with empty passwords.
   </td>
   <td xml:lang="en-US">
-Preventing direct root login to serial port interfaces
-helps ensure accountability for actions taken on the systems
-using the root account.
+If an account has an empty password, anyone could log in and
+run commands with the privileges of that account. Accounts with
+empty passwords should never be used in operational environments.
   </td>
 </tr>
 <tr>
@@ -134,41 +185,20 @@
   </td>
 </tr>
 <tr>
-  <td>3.1.1<br/>3.1.5</td>
-  <td>Restrict Virtual Console Root Logins</td>
-  <td xml:lang="en-US">
-To restrict root logins through the (deprecated) virtual console devices,
-ensure lines of this form do not appear in <tt>/etc/securetty</tt>:
-<pre>vc/1
-vc/2
-vc/3
-vc/4</pre>
-  </td>
-  <td xml:lang="en-US">
-Preventing direct root login to virtual console devices
-helps ensure accountability for actions taken on the system
-using the root account.
-  </td>
-</tr>
-<tr>
-  <td>3.1.1<br/>3.1.5</td>
-  <td>Verify Only Root Has UID 0</td>
+  <td>3.1.1<br/>3.4.5</td>
+  <td>Require Authentication for Emergency Systemd Target</td>
   <td xml:lang="en-US">
-If any account other than root has a UID of 0, this misconfiguration should
-be investigated and the accounts other than root should be removed or have
-their UID changed.
-<br />
-If the account is associated with system commands or applications the UID
-should be changed to one greater than "0" but less than "1000."
-Otherwise assign a UID greater than "1000" that has not already been
-assigned.
+Emergency mode is intended as a system recovery
+method, providing a single user root access to the system
+during a failed boot sequence.
+<br /><br />
+By default, Emergency mode is protected by requiring a password and is set
+in <tt>/usr/lib/systemd/system/emergency.service</tt>.
   </td>
   <td xml:lang="en-US">
-An account has root authority if it has a UID of 0. Multiple accounts
-with a UID of 0 afford more opportunity for potential intruders to
-guess a password for a privileged account. Proper configuration of
-sudo is recommended to afford multiple system administrators
-access to root privileges in an accountable manner.
+This prevents attackers with physical access from trivially bypassing security
+on the machine and gaining root access. Such accesses are further prevented
+by configuring the bootloader password.
   </td>
 </tr>
 <tr>
@@ -193,65 +223,64 @@
   </td>
 </tr>
 <tr>
-  <td>3.1.1<br/>3.4.5</td>
-  <td>Require Authentication for Single User Mode</td>
+  <td>3.1.1<br/>3.1.5</td>
+  <td>Restrict Virtual Console Root Logins</td>
   <td xml:lang="en-US">
-Single-user mode is intended as a system recovery
-method, providing a single user root access to the system by
-providing a boot option at startup. By default, no authentication
-is performed if single-user mode is selected.
-<br /><br />
-By default, single-user mode is protected by requiring a password and is set
-in <tt>/usr/lib/systemd/system/rescue.service</tt>.
+To restrict root logins through the (deprecated) virtual console devices,
+ensure lines of this form do not appear in <tt>/etc/securetty</tt>:
+<pre>vc/1
+vc/2
+vc/3
+vc/4</pre>
   </td>
   <td xml:lang="en-US">
-This prevents attackers with physical access from trivially bypassing security
-on the machine and gaining root access. Such accesses are further prevented
-by configuring the bootloader password.
+Preventing direct root login to virtual console devices
+helps ensure accountability for actions taken on the system
+using the root account.
   </td>
 </tr>
 <tr>
/usr/share/doc/scap-security-guide/tables/table-rhel7-nistrefs.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/tables/table-rhel7-nistrefs.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/tables/table-rhel7-nistrefs.html	2022-07-15 00:00:00.000000000 +0000
@@ -42,38 +42,16 @@
   <td>Rationale</td>
 </thead>
 <tr>
-  <td>AU-2(d)<br/>AU-12(c)<br/>CM-6(a)</td>
-  <td>Ensure auditd Collects File Deletion Events by User - rename</td>
-  <td xml:lang="en-US">
-At a minimum, the audit system should collect file deletion events
-for all users and root. If the <tt>auditd</tt> daemon is configured to use the
-<tt>augenrules</tt> program to read audit rules during daemon startup (the
-default), add the following line to a file with suffix <tt>.rules</tt> in the
-directory <tt>/etc/audit/rules.d</tt>, setting ARCH to either b32 or b64 as
-appropriate for your system:
-<pre>-a always,exit -F arch=ARCH -S rename -F auid&gt;=1000 -F auid!=unset -F key=delete</pre>
-If the <tt>auditd</tt> daemon is configured to use the <tt>auditctl</tt>
-utility to read audit rules during daemon startup, add the following line to
-<tt>/etc/audit/audit.rules</tt> file, setting ARCH to either b32 or b64 as
-appropriate for your system:
-<pre>-a always,exit -F arch=ARCH -S rename -F auid&gt;=1000 -F auid!=unset -F key=delete</pre>
-  </td>
-  <td xml:lang="en-US">
-Auditing file deletions will create an audit trail for files that are removed
-from the system. The audit trail could aid in system troubleshooting, as well as, detecting
-malicious processes that attempt to delete log files to conceal their presence.
-  </td>
-</tr>
-<tr>
   <td>IA-2<br/>AC-3<br/>CM-6(a)</td>
-  <td>Require Authentication for Emergency Systemd Target</td>
+  <td>Require Authentication for Single User Mode</td>
   <td xml:lang="en-US">
-Emergency mode is intended as a system recovery
-method, providing a single user root access to the system
-during a failed boot sequence.
+Single-user mode is intended as a system recovery
+method, providing a single user root access to the system by
+providing a boot option at startup. By default, no authentication
+is performed if single-user mode is selected.
 <br /><br />
-By default, Emergency mode is protected by requiring a password and is set
-in <tt>/usr/lib/systemd/system/emergency.service</tt>.
+By default, single-user mode is protected by requiring a password and is set
+in <tt>/usr/lib/systemd/system/rescue.service</tt>.
   </td>
   <td xml:lang="en-US">
 This prevents attackers with physical access from trivially bypassing security
@@ -82,142 +60,110 @@
   </td>
 </tr>
 <tr>
-  <td>AU-2(d)<br/>AU-12(c)<br/>AC-6(9)<br/>CM-6(a)</td>
-  <td>Record Access Events to Audit Log Directory</td>
+  <td>IA-2<br/>AC-6(5)<br/>IA-4(b)</td>
+  <td>Verify Only Root Has UID 0</td>
   <td xml:lang="en-US">
-The audit system should collect access events to read audit log directory.
-The following audit rule will assure that access to audit log directory are
-collected.
-<pre>-a always,exit -F dir=/var/log/audit/ -F perm=r -F auid>=1000 -F auid!=unset -F key=access-audit-trail</pre>
-If the <tt>auditd</tt> daemon is configured to use the <tt>augenrules</tt>
-program to read audit rules during daemon startup (the default), add the
-rule to a file with suffix <tt>.rules</tt> in the directory
-<tt>/etc/audit/rules.d</tt>.
-If the <tt>auditd</tt> daemon is configured to use the <tt>auditctl</tt>
-utility to read audit rules during daemon startup, add the rule to
-<tt>/etc/audit/audit.rules</tt> file.
+If any account other than root has a UID of 0, this misconfiguration should
+be investigated and the accounts other than root should be removed or have
+their UID changed.
+<br />
+If the account is associated with system commands or applications the UID
+should be changed to one greater than "0" but less than "1000."
+Otherwise assign a UID greater than "1000" that has not already been
+assigned.
   </td>
   <td xml:lang="en-US">
-Attempts to read the logs should be recorded, suspicious access to audit log files could be an indicator of malicious activity on a system.
-Auditing these events could serve as evidence of potential system compromise.'
+An account has root authority if it has a UID of 0. Multiple accounts
+with a UID of 0 afford more opportunity for potential intruders to
+guess a password for a privileged account. Proper configuration of
+sudo is recommended to afford multiple system administrators
+access to root privileges in an accountable manner.
   </td>
 </tr>
 <tr>
-  <td>AU-2(d)<br/>AU-12(c)<br/>CM-6(a)</td>
-  <td>Record Events that Modify the System's Mandatory Access Controls</td>
+  <td>AU-2(d)<br/>AU-12(c)<br/>AC-6(9)<br/>CM-6(a)</td>
+  <td>Ensure auditd Collects Information on Kernel Module Unloading - delete_module</td>
   <td xml:lang="en-US">
-If the <tt>auditd</tt> daemon is configured to use the
-<tt>augenrules</tt> program to read audit rules during daemon startup (the
-default), add the following line to a file with suffix <tt>.rules</tt> in the
-directory <tt>/etc/audit/rules.d</tt>:
-<pre>-w /etc/selinux/ -p wa -k MAC-policy</pre>
-If the <tt>auditd</tt> daemon is configured to use the <tt>auditctl</tt>
-utility to read audit rules during daemon startup, add the following line to
-<tt>/etc/audit/audit.rules</tt> file:
-<pre>-w /etc/selinux/ -p wa -k MAC-policy</pre>
+To capture kernel module unloading events, use following line, setting ARCH to
+either b32 for 32-bit system, or having two lines for both b32 and b64 in case your system is 64-bit:
+
+<pre>-a always,exit -F arch=<i>ARCH</i> -S delete_module -F key=modules</pre>
+
+
+Place to add the line depends on a way <tt>auditd</tt> daemon is configured. If it is configured
+to use the <tt>augenrules</tt> program (the default), add the line to a file with suffix
+<tt>.rules</tt> in the directory <tt>/etc/audit/rules.d</tt>.
+
+If the <tt>auditd</tt> daemon is configured to use the <tt>auditctl</tt> utility,
+add the line to file <tt>/etc/audit/audit.rules</tt>.
   </td>
   <td xml:lang="en-US">
-The system's mandatory access policy (SELinux) should not be
-arbitrarily changed by anything other than administrator action. All changes to
-MAC policy should be audited.
+The removal of kernel modules can be used to alter the behavior of
+the kernel and potentially introduce malicious code into kernel space. It is important
+to have an audit trail of modules that have been introduced into the kernel.
   </td>
 </tr>
 <tr>
   <td>AU-2(d)<br/>AU-12(c)<br/>CM-6(a)</td>
-  <td>Record Unsuccessful Access Attempts to Files - creat</td>
+  <td>Record Events that Modify the System's Discretionary Access Controls - fchownat</td>
   <td xml:lang="en-US">
-At a minimum, the audit system should collect unauthorized file
-accesses for all users and root. If the <tt>auditd</tt> daemon is configured
+At a minimum, the audit system should collect file permission
+changes for all users and root. If the <tt>auditd</tt> daemon is configured
 to use the <tt>augenrules</tt> program to read audit rules during daemon
-startup (the default), add the following lines to a file with suffix
+startup (the default), add the following line to a file with suffix
 <tt>.rules</tt> in the directory <tt>/etc/audit/rules.d</tt>:
-<pre>-a always,exit -F arch=b32 -S creat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
--a always,exit -F arch=b32 -S creat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre>
-If the system is 64 bit then also add the following lines:
-<pre>
--a always,exit -F arch=b64 -S creat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
--a always,exit -F arch=b64 -S creat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre>
+<pre>-a always,exit -F arch=b32 -S fchownat -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
+If the system is 64 bit then also add the following line:
+<pre>-a always,exit -F arch=b64 -S fchownat -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
 If the <tt>auditd</tt> daemon is configured to use the <tt>auditctl</tt>
-utility to read audit rules during daemon startup, add the following lines to
+utility to read audit rules during daemon startup, add the following line to
 <tt>/etc/audit/audit.rules</tt> file:
-<pre>-a always,exit -F arch=b32 -S creat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
--a always,exit -F arch=b32 -S creat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre>
-If the system is 64 bit then also add the following lines:
-<pre>
--a always,exit -F arch=b64 -S creat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
--a always,exit -F arch=b64 -S creat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre>
-  </td>
-  <td xml:lang="en-US">
-Unsuccessful attempts to access files could be an indicator of malicious activity on a system. Auditing
-these events could serve as evidence of potential system compromise.
-  </td>
-</tr>
-<tr>
-  <td>AU-2(d)<br/>AU-12(c)<br/>AC-6(9)<br/>CM-6(a)</td>
-  <td>Record Attempts to Alter Logon and Logout Events - lastlog</td>
-  <td xml:lang="en-US">
-The audit system already collects login information for all users
-and root. If the <tt>auditd</tt> daemon is configured to use the
-<tt>augenrules</tt> program to read audit rules during daemon startup (the
-default), add the following lines to a file with suffix <tt>.rules</tt> in the
-directory <tt>/etc/audit/rules.d</tt> in order to watch for attempted manual
-edits of files involved in storing logon events:
-<pre>-w /var/log/lastlog -p wa -k logins</pre>
-If the <tt>auditd</tt> daemon is configured to use the <tt>auditctl</tt>
-utility to read audit rules during daemon startup, add the following lines to
-<tt>/etc/audit/audit.rules</tt> file in order to watch for unattempted manual
-edits of files involved in storing logon events:
-<pre>-w /var/log/lastlog -p wa -k logins</pre>
+<pre>-a always,exit -F arch=b32 -S fchownat -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
+If the system is 64 bit then also add the following line:
+<pre>-a always,exit -F arch=b64 -S fchownat -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
   </td>
   <td xml:lang="en-US">
-Manual editing of these files may indicate nefarious activity, such
-as an attacker attempting to remove evidence of an intrusion.
+The changing of file permissions could indicate that a user is attempting to
+gain access to information that would otherwise be disallowed. Auditing DAC modifications
+can facilitate the identification of patterns of abuse among both authorized and
+unauthorized users.
   </td>
 </tr>
 <tr>
   <td>AU-2(d)<br/>AU-12(c)<br/>AC-6(9)<br/>CM-6(a)</td>
-  <td>Record Attempts to Alter Time Through clock_settime</td>
+  <td>Record Access Events to Audit Log Directory</td>
   <td xml:lang="en-US">
-If the <tt>auditd</tt> daemon is configured to use the
-<tt>augenrules</tt> program to read audit rules during daemon startup (the
-default), add the following line to a file with suffix <tt>.rules</tt> in the
-directory <tt>/etc/audit/rules.d</tt>:
/usr/share/doc/scap-security-guide/tables/table-rhel7-ospprefs.html differs (HTML document, ASCII text, with very long lines)
--- old//usr/share/doc/scap-security-guide/tables/table-rhel7-ospprefs.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/tables/table-rhel7-ospprefs.html	2022-07-15 00:00:00.000000000 +0000
@@ -53,6 +53,28 @@
 </tr>
 <tr>
   <td>FAU_GEN.1</td>
+  <td>Enable auditd Service</td>
+  <td xml:lang="en-US">
+The <tt>auditd</tt> service is an essential userspace component of
+the Linux Auditing System, as it is responsible for writing audit records to
+disk.
+
+The <code>auditd</code> service can be enabled with the following command:
+<pre>$ sudo systemctl enable auditd.service</pre>
+  </td>
+  <td xml:lang="en-US">
+Without establishing what type of events occurred, it would be difficult
+to establish, correlate, and investigate the events leading up to an outage or attack.
+Ensuring the <tt>auditd</tt> service is active ensures audit records
+generated by the kernel are appropriately recorded.
+<br /><br />
+Additionally, a properly configured audit subsystem ensures that actions of
+individual system users can be uniquely traced to those users so they
+can be held accountable for their actions.
+  </td>
+</tr>
+<tr>
+  <td>FAU_GEN.1</td>
   <td>Set number of records to cause an explicit flush to audit logs</td>
   <td xml:lang="en-US">
 To configure Audit daemon to issue an explicit flush to disk command
@@ -88,28 +110,6 @@
 </tr>
 <tr>
   <td>FAU_GEN.1</td>
-  <td>Enable auditd Service</td>
-  <td xml:lang="en-US">
-The <tt>auditd</tt> service is an essential userspace component of
-the Linux Auditing System, as it is responsible for writing audit records to
-disk.
-
-The <code>auditd</code> service can be enabled with the following command:
-<pre>$ sudo systemctl enable auditd.service</pre>
-  </td>
-  <td xml:lang="en-US">
-Without establishing what type of events occurred, it would be difficult
-to establish, correlate, and investigate the events leading up to an outage or attack.
-Ensuring the <tt>auditd</tt> service is active ensures audit records
-generated by the kernel are appropriately recorded.
-<br /><br />
-Additionally, a properly configured audit subsystem ensures that actions of
-individual system users can be uniquely traced to those users so they
-can be held accountable for their actions.
-  </td>
-</tr>
-<tr>
-  <td>FAU_GEN.1</td>
   <td>Include Local Events in Audit Logs</td>
   <td xml:lang="en-US">
 To configure Audit daemon to include local events in Audit logs, set
@@ -123,190 +123,127 @@
 </tr>
 <tr>
   <td>FAU_GEN.1.1.c</td>
-  <td>Ensure auditd Collects File Deletion Events by User - rename</td>
-  <td xml:lang="en-US">
-At a minimum, the audit system should collect file deletion events
-for all users and root. If the <tt>auditd</tt> daemon is configured to use the
-<tt>augenrules</tt> program to read audit rules during daemon startup (the
-default), add the following line to a file with suffix <tt>.rules</tt> in the
-directory <tt>/etc/audit/rules.d</tt>, setting ARCH to either b32 or b64 as
-appropriate for your system:
-<pre>-a always,exit -F arch=ARCH -S rename -F auid&gt;=1000 -F auid!=unset -F key=delete</pre>
-If the <tt>auditd</tt> daemon is configured to use the <tt>auditctl</tt>
-utility to read audit rules during daemon startup, add the following line to
-<tt>/etc/audit/audit.rules</tt> file, setting ARCH to either b32 or b64 as
-appropriate for your system:
-<pre>-a always,exit -F arch=ARCH -S rename -F auid&gt;=1000 -F auid!=unset -F key=delete</pre>
-  </td>
-  <td xml:lang="en-US">
-Auditing file deletions will create an audit trail for files that are removed
-from the system. The audit trail could aid in system troubleshooting, as well as, detecting
-malicious processes that attempt to delete log files to conceal their presence.
-  </td>
-</tr>
-<tr>
-  <td>FAU_GEN.1.1.c</td>
-  <td>Record Access Events to Audit Log Directory</td>
+  <td>Record Events that Modify User/Group Information via open syscall - /etc/gshadow</td>
   <td xml:lang="en-US">
-The audit system should collect access events to read audit log directory.
-The following audit rule will assure that access to audit log directory are
-collected.
-<pre>-a always,exit -F dir=/var/log/audit/ -F perm=r -F auid>=1000 -F auid!=unset -F key=access-audit-trail</pre>
-If the <tt>auditd</tt> daemon is configured to use the <tt>augenrules</tt>
-program to read audit rules during daemon startup (the default), add the
-rule to a file with suffix <tt>.rules</tt> in the directory
-<tt>/etc/audit/rules.d</tt>.
+The audit system should collect write events to /etc/gshadow file for all users and root.
+If the <tt>auditd</tt> daemon is configured
+to use the <tt>augenrules</tt> program to read audit rules during daemon
+startup (the default), add the following lines to a file with suffix
+<tt>.rules</tt> in the directory <tt>/etc/audit/rules.d</tt>:
+<pre>-a always,exit -F arch=b32 -S open -F a1&amp;03 -F path=/etc/gshadow -F auid>=1000 -F auid!=unset -F key=user-modify</pre>
 If the <tt>auditd</tt> daemon is configured to use the <tt>auditctl</tt>
-utility to read audit rules during daemon startup, add the rule to
-<tt>/etc/audit/audit.rules</tt> file.
+utility to read audit rules during daemon startup, add the following lines to
+<tt>/etc/audit/audit.rules</tt> file:
+<pre>-a always,exit -F arch=b32 -S open -F a1&amp;03 -F path=/etc/gshadow -F auid>=1000 -F auid!=unset -F key=user-modify</pre>
+If the system is 64 bit then also add the following line:
+<pre>-a always,exit -F arch=b64 -S open -F a1&amp;03 -F path=/etc/gshadow -F auid>=1000 -F auid!=unset -F key=user-modify</pre>
   </td>
   <td xml:lang="en-US">
-Attempts to read the logs should be recorded, suspicious access to audit log files could be an indicator of malicious activity on a system.
-Auditing these events could serve as evidence of potential system compromise.'
+Creation of users through direct edition of /etc/gshadow could be an indicator of malicious activity on a system.
+Auditing these events could serve as evidence of potential system compromise.
   </td>
 </tr>
 <tr>
   <td>FAU_GEN.1.1.c</td>
-  <td>Ensure auditd Collects Information on the Use of Privileged Commands - unix_chkpwd</td>
+  <td>Encrypt Audit Records Sent With audispd Plugin</td>
   <td xml:lang="en-US">
-At a minimum, the audit system should collect the execution of
-privileged commands for all users and root. If the <tt>auditd</tt> daemon is
-configured to use the <tt>augenrules</tt> program to read audit rules during
-daemon startup (the default), add a line of the following form to a file with
-suffix <tt>.rules</tt> in the directory <tt>/etc/audit/rules.d</tt>:
-<pre>-a always,exit -F path=/usr/sbin/unix_chkpwd -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre>
-If the <tt>auditd</tt> daemon is configured to use the <tt>auditctl</tt>
-utility to read audit rules during daemon startup, add a line of the following
-form to <tt>/etc/audit/audit.rules</tt>:
-<pre>-a always,exit -F path=/usr/sbin/unix_chkpwd -F auid&gt;=1000 -F auid!=unset -F key=privileged</pre>
+Configure the operating system to encrypt the transfer of off-loaded audit
+records onto a different system or media from the system being audited.
+
+Uncomment the <tt>enable_krb5</tt> option in <pre>/etc/audisp/audisp-remote.conf</pre>,
+and set it with the following line:
+<pre>enable_krb5 = yes</pre>
   </td>
   <td xml:lang="en-US">
-Misuse of privileged functions, either intentionally or unintentionally by
-authorized users, or by unauthorized external entities that have compromised system accounts,
-is a serious and ongoing concern and can have significant adverse impacts on organizations.
-Auditing the use of privileged functions is one way to detect such misuse and identify
-the risk from insider and advanced persistent threats.
-<br /><br />
-Privileged programs are subject to escalation-of-privilege attacks,
-which attempt to subvert their normal role of providing some necessary but
-limited capability. As such, motivation exists to monitor these programs for
-unusual activity.
+Information stored in one location is vulnerable to accidental or incidental deletion
+or alteration. Off-loading is a common process in information systems with limited
+audit storage capacity.
   </td>
 </tr>
 <tr>
   <td>FAU_GEN.1.1.c</td>
-  <td>Record Events that Modify the System's Mandatory Access Controls</td>
+  <td>Ensure auditd Collects Information on Kernel Module Unloading - delete_module</td>
   <td xml:lang="en-US">
-If the <tt>auditd</tt> daemon is configured to use the
-<tt>augenrules</tt> program to read audit rules during daemon startup (the
-default), add the following line to a file with suffix <tt>.rules</tt> in the
-directory <tt>/etc/audit/rules.d</tt>:
-<pre>-w /etc/selinux/ -p wa -k MAC-policy</pre>
-If the <tt>auditd</tt> daemon is configured to use the <tt>auditctl</tt>
-utility to read audit rules during daemon startup, add the following line to
-<tt>/etc/audit/audit.rules</tt> file:
-<pre>-w /etc/selinux/ -p wa -k MAC-policy</pre>
+To capture kernel module unloading events, use following line, setting ARCH to
+either b32 for 32-bit system, or having two lines for both b32 and b64 in case your system is 64-bit:
+
+<pre>-a always,exit -F arch=<i>ARCH</i> -S delete_module -F key=modules</pre>
+
+
+Place to add the line depends on a way <tt>auditd</tt> daemon is configured. If it is configured
+to use the <tt>augenrules</tt> program (the default), add the line to a file with suffix
+<tt>.rules</tt> in the directory <tt>/etc/audit/rules.d</tt>.
+
+If the <tt>auditd</tt> daemon is configured to use the <tt>auditctl</tt> utility,
+add the line to file <tt>/etc/audit/audit.rules</tt>.
   </td>
   <td xml:lang="en-US">
-The system's mandatory access policy (SELinux) should not be
-arbitrarily changed by anything other than administrator action. All changes to
-MAC policy should be audited.
+The removal of kernel modules can be used to alter the behavior of
+the kernel and potentially introduce malicious code into kernel space. It is important
+to have an audit trail of modules that have been introduced into the kernel.
   </td>
 </tr>
 <tr>
   <td>FAU_GEN.1.1.c</td>
-  <td>Record Unsuccessful Access Attempts to Files - creat</td>
+  <td>Record Events that Modify the System's Discretionary Access Controls - fchownat</td>
   <td xml:lang="en-US">
-At a minimum, the audit system should collect unauthorized file
/usr/share/doc/scap-security-guide/tables/table-rhel7-pcidssrefs.html differs (HTML document, ASCII text, with very long lines)
--- old//usr/share/doc/scap-security-guide/tables/table-rhel7-pcidssrefs.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/tables/table-rhel7-pcidssrefs.html	2022-07-15 00:00:00.000000000 +0000
@@ -76,30 +76,25 @@
 </tr>
 <tr>
   <td>Req-6.2</td>
-  <td>Ensure gpgcheck Enabled In Main yum Configuration</td>
+  <td>Ensure Software Patches Installed</td>
   <td xml:lang="en-US">
-The <tt>gpgcheck</tt> option controls whether
-RPM packages' signatures are always checked prior to installation.
-To configure yum to check package signatures before installing
-them, ensure the following line appears in <tt>/etc/yum.conf</tt> in
-the <tt>[main]</tt> section:
-<pre>gpgcheck=1</pre>
+
+If the system is joined to the Red Hat Network, a Red Hat Satellite Server,
+or a yum server, run the following command to install updates:
+<pre>$ sudo yum update</pre>
+If the system is not configured to use one of these sources, updates (in the form of RPM packages)
+can be manually downloaded from the Red Hat Network and installed using <tt>rpm</tt>.
+
+<br /><br />
+NOTE: U.S. Defense systems are required to be patched within 30 days or sooner as local policy
+dictates.
   </td>
   <td xml:lang="en-US">
-Changes to any software components can have significant effects on the
-overall security of the operating system. This requirement ensures the
-software has not been tampered with and that it has been provided by a
-trusted vendor.
-<br />
-Accordingly, patches, service packs, device drivers, or operating system
-components must be signed with a certificate recognized and approved by the
-organization.
-<br />Verifying the authenticity of the software prior to installation
-validates the integrity of the patch or upgrade received from a vendor.
-This ensures the software has not been tampered with and that it has been
-provided by a trusted vendor. Self-signed certificates are disallowed by
-this requirement. Certificates used to verify the software must be from an
-approved Certificate Authority (CA).
+Installing software updates is a fundamental mitigation against
+the exploitation of publicly-known vulnerabilities. If the most
+recent security patches and updates are not installed, unauthorized
+users may take advantage of weaknesses in the unpatched software. The
+lack of prompt attention to patching could result in a system compromise.
   </td>
 </tr>
 <tr>
@@ -133,87 +128,92 @@
 </tr>
 <tr>
   <td>Req-6.2</td>
-  <td>Ensure Software Patches Installed</td>
+  <td>Ensure gpgcheck Enabled In Main yum Configuration</td>
   <td xml:lang="en-US">
-
-If the system is joined to the Red Hat Network, a Red Hat Satellite Server,
-or a yum server, run the following command to install updates:
-<pre>$ sudo yum update</pre>
-If the system is not configured to use one of these sources, updates (in the form of RPM packages)
-can be manually downloaded from the Red Hat Network and installed using <tt>rpm</tt>.
-
-<br /><br />
-NOTE: U.S. Defense systems are required to be patched within 30 days or sooner as local policy
-dictates.
+The <tt>gpgcheck</tt> option controls whether
+RPM packages' signatures are always checked prior to installation.
+To configure yum to check package signatures before installing
+them, ensure the following line appears in <tt>/etc/yum.conf</tt> in
+the <tt>[main]</tt> section:
+<pre>gpgcheck=1</pre>
   </td>
   <td xml:lang="en-US">
-Installing software updates is a fundamental mitigation against
-the exploitation of publicly-known vulnerabilities. If the most
-recent security patches and updates are not installed, unauthorized
-users may take advantage of weaknesses in the unpatched software. The
-lack of prompt attention to patching could result in a system compromise.
+Changes to any software components can have significant effects on the
+overall security of the operating system. This requirement ensures the
+software has not been tampered with and that it has been provided by a
+trusted vendor.
+<br />
+Accordingly, patches, service packs, device drivers, or operating system
+components must be signed with a certificate recognized and approved by the
+organization.
+<br />Verifying the authenticity of the software prior to installation
+validates the integrity of the patch or upgrade received from a vendor.
+This ensures the software has not been tampered with and that it has been
+provided by a trusted vendor. Self-signed certificates are disallowed by
+this requirement. Certificates used to verify the software must be from an
+approved Certificate Authority (CA).
   </td>
 </tr>
 <tr>
   <td>Req-7.1</td>
-  <td>Verify the UEFI Boot Loader grub.cfg User Ownership</td>
+  <td>Verify /boot/grub2/grub.cfg Group Ownership</td>
   <td xml:lang="en-US">
-The file <tt>/boot/efi/EFI/redhat/grub.cfg</tt> should
-be owned by the <tt>root</tt> user to prevent destruction
-or modification of the file.
+The file <tt>/boot/grub2/grub.cfg</tt> should
+be group-owned by the <tt>root</tt> group to prevent
+destruction or modification of the file.
 
-To properly set the owner of <code>/boot/efi/EFI/redhat/grub.cfg</code>, run the command:
-<pre>$ sudo chown root /boot/efi/EFI/redhat/grub.cfg </pre>
+To properly set the group owner of <code>/boot/grub2/grub.cfg</code>, run the command:
+<pre>$ sudo chgrp root /boot/grub2/grub.cfg</pre>
   </td>
   <td xml:lang="en-US">
-Only root should be able to modify important boot parameters.
+The <tt>root</tt> group is a highly-privileged group. Furthermore, the group-owner of this
+file should not have any access privileges anyway.
   </td>
 </tr>
 <tr>
   <td>Req-7.1</td>
-  <td>Verify /boot/grub2/grub.cfg User Ownership</td>
+  <td>Verify the UEFI Boot Loader grub.cfg Group Ownership</td>
   <td xml:lang="en-US">
-The file <tt>/boot/grub2/grub.cfg</tt> should
-be owned by the <tt>root</tt> user to prevent destruction
-or modification of the file.
+The file <tt>/boot/efi/EFI/redhat/grub.cfg</tt> should
+be group-owned by the <tt>root</tt> group to prevent
+destruction or modification of the file.
 
-To properly set the owner of <code>/boot/grub2/grub.cfg</code>, run the command:
-<pre>$ sudo chown root /boot/grub2/grub.cfg </pre>
+To properly set the group owner of <code>/boot/efi/EFI/redhat/grub.cfg</code>, run the command:
+<pre>$ sudo chgrp root /boot/efi/EFI/redhat/grub.cfg</pre>
   </td>
   <td xml:lang="en-US">
-Only root should be able to modify important boot parameters.
+The <tt>root</tt> group is a highly-privileged group. Furthermore, the group-owner of this
+file should not have any access privileges anyway.
   </td>
 </tr>
 <tr>
   <td>Req-7.1</td>
-  <td>Verify /boot/grub2/grub.cfg Group Ownership</td>
+  <td>Verify /boot/grub2/grub.cfg User Ownership</td>
   <td xml:lang="en-US">
 The file <tt>/boot/grub2/grub.cfg</tt> should
-be group-owned by the <tt>root</tt> group to prevent
-destruction or modification of the file.
+be owned by the <tt>root</tt> user to prevent destruction
+or modification of the file.
 
-To properly set the group owner of <code>/boot/grub2/grub.cfg</code>, run the command:
-<pre>$ sudo chgrp root /boot/grub2/grub.cfg</pre>
+To properly set the owner of <code>/boot/grub2/grub.cfg</code>, run the command:
+<pre>$ sudo chown root /boot/grub2/grub.cfg </pre>
   </td>
   <td xml:lang="en-US">
-The <tt>root</tt> group is a highly-privileged group. Furthermore, the group-owner of this
-file should not have any access privileges anyway.
+Only root should be able to modify important boot parameters.
   </td>
 </tr>
 <tr>
   <td>Req-7.1</td>
-  <td>Verify the UEFI Boot Loader grub.cfg Group Ownership</td>
+  <td>Verify the UEFI Boot Loader grub.cfg User Ownership</td>
   <td xml:lang="en-US">
 The file <tt>/boot/efi/EFI/redhat/grub.cfg</tt> should
-be group-owned by the <tt>root</tt> group to prevent
-destruction or modification of the file.
+be owned by the <tt>root</tt> user to prevent destruction
+or modification of the file.
 
-To properly set the group owner of <code>/boot/efi/EFI/redhat/grub.cfg</code>, run the command:
-<pre>$ sudo chgrp root /boot/efi/EFI/redhat/grub.cfg</pre>
+To properly set the owner of <code>/boot/efi/EFI/redhat/grub.cfg</code>, run the command:
+<pre>$ sudo chown root /boot/efi/EFI/redhat/grub.cfg </pre>
   </td>
   <td xml:lang="en-US">
-The <tt>root</tt> group is a highly-privileged group. Furthermore, the group-owner of this
-file should not have any access privileges anyway.
+Only root should be able to modify important boot parameters.
   </td>
 </tr>
 <tr>
@@ -290,24 +290,42 @@
 </tr>
 <tr>
   <td>Req-8.1.8</td>
-  <td>Set SSH Client Alive Count Max</td>
+  <td>Ensure Users Cannot Change GNOME3 Screensaver Idle Activation</td>
   <td xml:lang="en-US">
-The SSH server sends at most <tt>ClientAliveCountMax</tt> messages
-during a SSH session and waits for a response from the SSH client.
-The option <tt>ClientAliveInterval</tt> configures timeout after
-each <tt>ClientAliveCountMax</tt> message. If the SSH server does not
-receive a response from the client, then the connection is considered idle
-and terminated.
-For SSH earlier than v8.2, a <tt>ClientAliveCountMax</tt> value of <tt>0</tt>
/usr/share/doc/scap-security-guide/tables/table-rhel8-anssirefs.html differs (HTML document, UTF-8 Unicode text)
--- old//usr/share/doc/scap-security-guide/tables/table-rhel8-anssirefs.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/tables/table-rhel8-anssirefs.html	2022-07-15 00:00:00.000000000 +0000
@@ -42,35 +42,73 @@
   <td>Rationale</td>
 </thead>
 <tr>
-  <td>BP28(R1)<br/>NT007(R03)</td>
-  <td>Uninstall the telnet server</td>
+  <td>BP28(R1)</td>
+  <td>Uninstall telnet-server Package</td>
   <td xml:lang="en-US">
-The telnet daemon should be uninstalled.
+The <code>telnet-server</code> package can be removed with the following command:
+<pre>
+$ sudo yum erase telnet-server</pre>
   </td>
   <td xml:lang="en-US">
-<tt>telnet</tt> allows clear text communications, and does not protect
-any data transmission between client and server. Any confidential data
-can be listened and no integrity checking is made.'
+It is detrimental for operating systems to provide, or install by default,
+functionality exceeding requirements or mission objectives. These
+unnecessary capabilities are often overlooked and therefore may remain
+unsecure. They increase the risk to the platform by providing additional
+attack vectors.
+<br />
+The telnet service provides an unencrypted remote access service which does
+not provide for the confidentiality and integrity of user passwords or the
+remote session. If a privileged user were to login using this service, the
+privileged user password could be compromised.
+<br />
+Removing the <tt>telnet-server</tt> package decreases the risk of the
+telnet service's accidental (or intentional) activation.
   </td>
 </tr>
 <tr>
   <td>BP28(R1)</td>
-  <td>Uninstall rsh Package</td>
+  <td>Uninstall ypserv Package</td>
   <td xml:lang="en-US">
-
-The <tt>rsh</tt> package contains the client commands
-
-for the rsh services
+The <code>ypserv</code> package can be removed with the following command:
+<pre>
+$ sudo yum erase ypserv</pre>
   </td>
   <td xml:lang="en-US">
-These legacy clients contain numerous security exposures and have
-been replaced with the more secure SSH package. Even if the server is removed,
-it is best to ensure the clients are also removed to prevent users from
-inadvertently attempting to use these commands and therefore exposing
-
-their credentials. Note that removing the <tt>rsh</tt> package removes
+The NIS service provides an unencrypted authentication service which does
+not provide for the confidentiality and integrity of user passwords or the
+remote session.
 
-the clients for <tt>rsh</tt>,<tt>rcp</tt>, and <tt>rlogin</tt>.
+Removing the <tt>ypserv</tt> package decreases the risk of the accidental
+(or intentional) activation of NIS or NIS+ services.
+  </td>
+</tr>
+<tr>
+  <td>BP28(R1)</td>
+  <td>Uninstall rsh-server Package</td>
+  <td xml:lang="en-US">
+The <code>rsh-server</code> package can be removed with the following command:
+<pre>
+$ sudo yum erase rsh-server</pre>
+  </td>
+  <td xml:lang="en-US">
+The <tt>rsh-server</tt> service provides unencrypted remote access service which does not
+provide for the confidentiality and integrity of user passwords or the remote session and has very weak
+authentication. If a privileged user were to login using this service, the privileged user password
+could be compromised. The <tt>rsh-server</tt> package provides several obsolete and insecure
+network services. Removing it decreases the risk of those services' accidental (or intentional)
+activation.
+  </td>
+</tr>
+<tr>
+  <td>BP28(R1)<br/>NT007(R03)</td>
+  <td>Uninstall the telnet server</td>
+  <td xml:lang="en-US">
+The telnet daemon should be uninstalled.
+  </td>
+  <td xml:lang="en-US">
+<tt>telnet</tt> allows clear text communications, and does not protect
+any data transmission between client and server. Any confidential data
+can be listened and no integrity checking is made.'
   </td>
 </tr>
 <tr>
@@ -106,47 +144,6 @@
 </tr>
 <tr>
   <td>BP28(R1)</td>
-  <td>Uninstall telnet-server Package</td>
-  <td xml:lang="en-US">
-The <code>telnet-server</code> package can be removed with the following command:
-<pre>
-$ sudo yum erase telnet-server</pre>
-  </td>
-  <td xml:lang="en-US">
-It is detrimental for operating systems to provide, or install by default,
-functionality exceeding requirements or mission objectives. These
-unnecessary capabilities are often overlooked and therefore may remain
-unsecure. They increase the risk to the platform by providing additional
-attack vectors.
-<br />
-The telnet service provides an unencrypted remote access service which does
-not provide for the confidentiality and integrity of user passwords or the
-remote session. If a privileged user were to login using this service, the
-privileged user password could be compromised.
-<br />
-Removing the <tt>telnet-server</tt> package decreases the risk of the
-telnet service's accidental (or intentional) activation.
-  </td>
-</tr>
-<tr>
-  <td>BP28(R1)</td>
-  <td>Uninstall ypserv Package</td>
-  <td xml:lang="en-US">
-The <code>ypserv</code> package can be removed with the following command:
-<pre>
-$ sudo yum erase ypserv</pre>
-  </td>
-  <td xml:lang="en-US">
-The NIS service provides an unencrypted authentication service which does
-not provide for the confidentiality and integrity of user passwords or the
-remote session.
-
-Removing the <tt>ypserv</tt> package decreases the risk of the accidental
-(or intentional) activation of NIS or NIS+ services.
-  </td>
-</tr>
-<tr>
-  <td>BP28(R1)</td>
   <td>Uninstall Sendmail Package</td>
   <td xml:lang="en-US">
 Sendmail is not the default mail transfer agent and is
@@ -163,30 +160,38 @@
 </tr>
 <tr>
   <td>BP28(R1)</td>
-  <td>Uninstall talk-server Package</td>
+  <td>Uninstall tftp-server Package</td>
   <td xml:lang="en-US">
-The <code>talk-server</code> package can be removed with the following command: <pre> $ sudo yum erase talk-server</pre>
+The <code>tftp-server</code> package can be removed with the following command: <pre> $ sudo yum erase tftp-server</pre>
   </td>
   <td xml:lang="en-US">
-The talk software presents a security risk as it uses unencrypted protocols
-for communications. Removing the <tt>talk-server</tt> package decreases the
-risk of the accidental (or intentional) activation of talk services.
+Removing the <tt>tftp-server</tt> package decreases the risk of the accidental
+(or intentional) activation of tftp services.
+<br /><br />
+If TFTP is required for operational support (such as transmission of router
+configurations), its use must be documented with the Information Systems
+Securty Manager (ISSM), restricted to only authorized personnel, and have
+access control rules established.
   </td>
 </tr>
 <tr>
   <td>BP28(R1)</td>
-  <td>Uninstall DHCP Server Package</td>
+  <td>Uninstall rsh Package</td>
   <td xml:lang="en-US">
-If the system does not need to act as a DHCP server,
-the dhcp package can be uninstalled.
 
-The <code>dhcp-server</code> package can be removed with the following command:
-<pre>
-$ sudo yum erase dhcp-server</pre>
+The <tt>rsh</tt> package contains the client commands
+
+for the rsh services
   </td>
   <td xml:lang="en-US">
-Removing the DHCP server ensures that it cannot be easily or
-accidentally reactivated and disrupt network operation.
+These legacy clients contain numerous security exposures and have
+been replaced with the more secure SSH package. Even if the server is removed,
+it is best to ensure the clients are also removed to prevent users from
+inadvertently attempting to use these commands and therefore exposing
+
+their credentials. Note that removing the <tt>rsh</tt> package removes
+
+the clients for <tt>rsh</tt>,<tt>rcp</tt>, and <tt>rlogin</tt>.
   </td>
 </tr>
 <tr>
@@ -219,18 +224,18 @@
 </tr>
 <tr>
   <td>BP28(R1)</td>
-  <td>Uninstall tftp-server Package</td>
+  <td>Uninstall DHCP Server Package</td>
/usr/share/doc/scap-security-guide/tables/table-rhel8-cisrefs.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/tables/table-rhel8-cisrefs.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/tables/table-rhel8-cisrefs.html	2022-07-15 00:00:00.000000000 +0000
@@ -672,44 +672,44 @@
 </tr>
 <tr>
   <td>1.5.1</td>
-  <td>Verify the UEFI Boot Loader grub.cfg User Ownership</td>
+  <td>Verify /boot/grub2/grub.cfg Group Ownership</td>
   <td xml:lang="en-US">
-The file <tt>/boot/efi/EFI/redhat/grub.cfg</tt> should
-be owned by the <tt>root</tt> user to prevent destruction
-or modification of the file.
+The file <tt>/boot/grub2/grub.cfg</tt> should
+be group-owned by the <tt>root</tt> group to prevent
+destruction or modification of the file.
 
-To properly set the owner of <code>/boot/efi/EFI/redhat/grub.cfg</code>, run the command:
-<pre>$ sudo chown root /boot/efi/EFI/redhat/grub.cfg </pre>
+To properly set the group owner of <code>/boot/grub2/grub.cfg</code>, run the command:
+<pre>$ sudo chgrp root /boot/grub2/grub.cfg</pre>
   </td>
   <td xml:lang="en-US">
-Only root should be able to modify important boot parameters.
+The <tt>root</tt> group is a highly-privileged group. Furthermore, the group-owner of this
+file should not have any access privileges anyway.
   </td>
 </tr>
 <tr>
   <td>1.5.1</td>
-  <td>Verify /boot/grub2/grub.cfg User Ownership</td>
+  <td>Verify the UEFI Boot Loader grub.cfg Permissions</td>
   <td xml:lang="en-US">
-The file <tt>/boot/grub2/grub.cfg</tt> should
-be owned by the <tt>root</tt> user to prevent destruction
-or modification of the file.
+File permissions for <tt>/boot/efi/EFI/redhat/grub.cfg</tt> should be set to 700.
 
-To properly set the owner of <code>/boot/grub2/grub.cfg</code>, run the command:
-<pre>$ sudo chown root /boot/grub2/grub.cfg </pre>
+To properly set the permissions of <code>/boot/efi/EFI/redhat/grub.cfg</code>, run the command:
+<pre>$ sudo chmod 700 /boot/efi/EFI/redhat/grub.cfg</pre>
   </td>
   <td xml:lang="en-US">
-Only root should be able to modify important boot parameters.
+Proper permissions ensure that only the root user can modify important boot
+parameters.
   </td>
 </tr>
 <tr>
   <td>1.5.1</td>
-  <td>Verify /boot/grub2/grub.cfg Group Ownership</td>
+  <td>Verify the UEFI Boot Loader grub.cfg Group Ownership</td>
   <td xml:lang="en-US">
-The file <tt>/boot/grub2/grub.cfg</tt> should
+The file <tt>/boot/efi/EFI/redhat/grub.cfg</tt> should
 be group-owned by the <tt>root</tt> group to prevent
 destruction or modification of the file.
 
-To properly set the group owner of <code>/boot/grub2/grub.cfg</code>, run the command:
-<pre>$ sudo chgrp root /boot/grub2/grub.cfg</pre>
+To properly set the group owner of <code>/boot/efi/EFI/redhat/grub.cfg</code>, run the command:
+<pre>$ sudo chgrp root /boot/efi/EFI/redhat/grub.cfg</pre>
   </td>
   <td xml:lang="en-US">
 The <tt>root</tt> group is a highly-privileged group. Furthermore, the group-owner of this
@@ -718,51 +718,51 @@
 </tr>
 <tr>
   <td>1.5.1</td>
-  <td>Verify the UEFI Boot Loader grub.cfg Group Ownership</td>
+  <td>Verify /boot/grub2/grub.cfg Permissions</td>
   <td xml:lang="en-US">
-The file <tt>/boot/efi/EFI/redhat/grub.cfg</tt> should
-be group-owned by the <tt>root</tt> group to prevent
-destruction or modification of the file.
+File permissions for <tt>/boot/grub2/grub.cfg</tt> should be set to 600.
 
-To properly set the group owner of <code>/boot/efi/EFI/redhat/grub.cfg</code>, run the command:
-<pre>$ sudo chgrp root /boot/efi/EFI/redhat/grub.cfg</pre>
+To properly set the permissions of <code>/boot/grub2/grub.cfg</code>, run the command:
+<pre>$ sudo chmod 600 /boot/grub2/grub.cfg</pre>
   </td>
   <td xml:lang="en-US">
-The <tt>root</tt> group is a highly-privileged group. Furthermore, the group-owner of this
-file should not have any access privileges anyway.
+Proper permissions ensure that only the root user can modify important boot
+parameters.
   </td>
 </tr>
 <tr>
   <td>1.5.1</td>
-  <td>Verify the UEFI Boot Loader grub.cfg Permissions</td>
+  <td>Verify /boot/grub2/grub.cfg User Ownership</td>
   <td xml:lang="en-US">
-File permissions for <tt>/boot/efi/EFI/redhat/grub.cfg</tt> should be set to 700.
+The file <tt>/boot/grub2/grub.cfg</tt> should
+be owned by the <tt>root</tt> user to prevent destruction
+or modification of the file.
 
-To properly set the permissions of <code>/boot/efi/EFI/redhat/grub.cfg</code>, run the command:
-<pre>$ sudo chmod 700 /boot/efi/EFI/redhat/grub.cfg</pre>
+To properly set the owner of <code>/boot/grub2/grub.cfg</code>, run the command:
+<pre>$ sudo chown root /boot/grub2/grub.cfg </pre>
   </td>
   <td xml:lang="en-US">
-Proper permissions ensure that only the root user can modify important boot
-parameters.
+Only root should be able to modify important boot parameters.
   </td>
 </tr>
 <tr>
   <td>1.5.1</td>
-  <td>Verify /boot/grub2/grub.cfg Permissions</td>
+  <td>Verify the UEFI Boot Loader grub.cfg User Ownership</td>
   <td xml:lang="en-US">
-File permissions for <tt>/boot/grub2/grub.cfg</tt> should be set to 600.
+The file <tt>/boot/efi/EFI/redhat/grub.cfg</tt> should
+be owned by the <tt>root</tt> user to prevent destruction
+or modification of the file.
 
-To properly set the permissions of <code>/boot/grub2/grub.cfg</code>, run the command:
-<pre>$ sudo chmod 600 /boot/grub2/grub.cfg</pre>
+To properly set the owner of <code>/boot/efi/EFI/redhat/grub.cfg</code>, run the command:
+<pre>$ sudo chown root /boot/efi/EFI/redhat/grub.cfg </pre>
   </td>
   <td xml:lang="en-US">
-Proper permissions ensure that only the root user can modify important boot
-parameters.
+Only root should be able to modify important boot parameters.
   </td>
 </tr>
 <tr>
   <td>1.5.2</td>
-  <td>Set Boot Loader Password in grub2</td>
+  <td>Set the UEFI Boot Loader Password</td>
   <td xml:lang="en-US">
 The grub2 boot loader should have a superuser account and password
 protection enabled to protect boot-time settings.
@@ -784,7 +784,7 @@
 </tr>
 <tr>
   <td>1.5.2</td>
-  <td>Set the UEFI Boot Loader Password</td>
+  <td>Set Boot Loader Password in grub2</td>
   <td xml:lang="en-US">
 The grub2 boot loader should have a superuser account and password
 protection enabled to protect boot-time settings.
@@ -806,14 +806,15 @@
 </tr>
 <tr>
   <td>1.5.3</td>
-  <td>Require Authentication for Emergency Systemd Target</td>
+  <td>Require Authentication for Single User Mode</td>
   <td xml:lang="en-US">
-Emergency mode is intended as a system recovery
-method, providing a single user root access to the system
-during a failed boot sequence.
+Single-user mode is intended as a system recovery
+method, providing a single user root access to the system by
+providing a boot option at startup. By default, no authentication
+is performed if single-user mode is selected.
 <br /><br />
-By default, Emergency mode is protected by requiring a password and is set
-in <tt>/usr/lib/systemd/system/emergency.service</tt>.
+By default, single-user mode is protected by requiring a password and is set
+in <tt>/usr/lib/systemd/system/rescue.service</tt>.
   </td>
   <td xml:lang="en-US">
 This prevents attackers with physical access from trivially bypassing security
@@ -823,15 +824,14 @@
 </tr>
 <tr>
   <td>1.5.3</td>
-  <td>Require Authentication for Single User Mode</td>
+  <td>Require Authentication for Emergency Systemd Target</td>
   <td xml:lang="en-US">
-Single-user mode is intended as a system recovery
-method, providing a single user root access to the system by
-providing a boot option at startup. By default, no authentication
-is performed if single-user mode is selected.
+Emergency mode is intended as a system recovery
+method, providing a single user root access to the system
+during a failed boot sequence.
 <br /><br />
-By default, single-user mode is protected by requiring a password and is set
-in <tt>/usr/lib/systemd/system/rescue.service</tt>.
+By default, Emergency mode is protected by requiring a password and is set
+in <tt>/usr/lib/systemd/system/emergency.service</tt>.
   </td>
   <td xml:lang="en-US">
 This prevents attackers with physical access from trivially bypassing security
@@ -863,17 +863,17 @@
 </tr>
 <tr>
   <td>1.6.1</td>
-  <td>Disable Core Dumps for SUID programs</td>
+  <td>Disable Core Dumps for All Users</td>
   <td xml:lang="en-US">
-To set the runtime status of the <code>fs.suid_dumpable</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w fs.suid_dumpable=0</pre>
-To make sure that the setting is persistent, add the following line to a file in the directory <tt>/etc/sysctl.d</tt>: <pre>fs.suid_dumpable = 0</pre>
/usr/share/doc/scap-security-guide/tables/table-rhel8-cuirefs.html differs (HTML document, ASCII text, with very long lines)
--- old//usr/share/doc/scap-security-guide/tables/table-rhel8-cuirefs.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/tables/table-rhel8-cuirefs.html	2022-07-15 00:00:00.000000000 +0000
@@ -43,14 +43,15 @@
 </thead>
 <tr>
   <td>3.1.1<br/>3.4.5</td>
-  <td>Require Authentication for Emergency Systemd Target</td>
+  <td>Require Authentication for Single User Mode</td>
   <td xml:lang="en-US">
-Emergency mode is intended as a system recovery
-method, providing a single user root access to the system
-during a failed boot sequence.
+Single-user mode is intended as a system recovery
+method, providing a single user root access to the system by
+providing a boot option at startup. By default, no authentication
+is performed if single-user mode is selected.
 <br /><br />
-By default, Emergency mode is protected by requiring a password and is set
-in <tt>/usr/lib/systemd/system/emergency.service</tt>.
+By default, single-user mode is protected by requiring a password and is set
+in <tt>/usr/lib/systemd/system/rescue.service</tt>.
   </td>
   <td xml:lang="en-US">
 This prevents attackers with physical access from trivially bypassing security
@@ -59,6 +60,27 @@
   </td>
 </tr>
 <tr>
+  <td>3.1.1<br/>3.1.5</td>
+  <td>Verify Only Root Has UID 0</td>
+  <td xml:lang="en-US">
+If any account other than root has a UID of 0, this misconfiguration should
+be investigated and the accounts other than root should be removed or have
+their UID changed.
+<br />
+If the account is associated with system commands or applications the UID
+should be changed to one greater than "0" but less than "1000."
+Otherwise assign a UID greater than "1000" that has not already been
+assigned.
+  </td>
+  <td xml:lang="en-US">
+An account has root authority if it has a UID of 0. Multiple accounts
+with a UID of 0 afford more opportunity for potential intruders to
+guess a password for a privileged account. Proper configuration of
+sudo is recommended to afford multiple system administrators
+access to root privileges in an accountable manner.
+  </td>
+</tr>
+<tr>
   <td>3.1.1</td>
   <td>Disable GDM Guest Login</td>
   <td xml:lang="en-US">
@@ -76,6 +98,31 @@
   </td>
 </tr>
 <tr>
+  <td>3.1.1<br/>3.1.5</td>
+  <td>Disable SSH Access via Empty Passwords</td>
+  <td xml:lang="en-US">
+Disallow SSH login with empty passwords.
+The default SSH configuration disables logins with empty passwords. The appropriate
+configuration is used if no value is set for <tt>PermitEmptyPasswords</tt>.
+<br />
+To explicitly disallow SSH login from accounts with empty passwords,
+add or correct the following line in
+
+
+<tt>/etc/ssh/sshd_config</tt>:
+
+<br />
+<pre>PermitEmptyPasswords no</pre>
+Any accounts with empty passwords should be disabled immediately, and PAM configuration
+should prevent users from being able to assign themselves empty passwords.
+  </td>
+  <td xml:lang="en-US">
+Configuring this setting for the SSH daemon provides additional assurance
+that remote login via SSH will require a password, even in the event of
+misconfiguration elsewhere.
+  </td>
+</tr>
+<tr>
   <td>3.1.1<br/>3.1.6</td>
   <td>Direct root Logins Not Allowed</td>
   <td xml:lang="en-US">
@@ -103,17 +150,21 @@
 </tr>
 <tr>
   <td>3.1.1<br/>3.1.5</td>
-  <td>Restrict Serial Port Root Logins</td>
+  <td>Prevent Login to Accounts With Empty Password</td>
   <td xml:lang="en-US">
-To restrict root logins on serial ports,
-ensure lines of this form do not appear in <tt>/etc/securetty</tt>:
-<pre>ttyS0
-ttyS1</pre>
+If an account is configured for password authentication
+but does not have an assigned password, it may be possible to log
+into the account without authentication. Remove any instances of the
+<tt>nullok</tt> in
+
+<tt>/etc/pam.d/system-auth</tt>
+
+to prevent logins with empty passwords.
   </td>
   <td xml:lang="en-US">
-Preventing direct root login to serial port interfaces
-helps ensure accountability for actions taken on the systems
-using the root account.
+If an account has an empty password, anyone could log in and
+run commands with the privileges of that account. Accounts with
+empty passwords should never be used in operational environments.
   </td>
 </tr>
 <tr>
@@ -134,41 +185,20 @@
   </td>
 </tr>
 <tr>
-  <td>3.1.1<br/>3.1.5</td>
-  <td>Restrict Virtual Console Root Logins</td>
-  <td xml:lang="en-US">
-To restrict root logins through the (deprecated) virtual console devices,
-ensure lines of this form do not appear in <tt>/etc/securetty</tt>:
-<pre>vc/1
-vc/2
-vc/3
-vc/4</pre>
-  </td>
-  <td xml:lang="en-US">
-Preventing direct root login to virtual console devices
-helps ensure accountability for actions taken on the system
-using the root account.
-  </td>
-</tr>
-<tr>
-  <td>3.1.1<br/>3.1.5</td>
-  <td>Verify Only Root Has UID 0</td>
+  <td>3.1.1<br/>3.4.5</td>
+  <td>Require Authentication for Emergency Systemd Target</td>
   <td xml:lang="en-US">
-If any account other than root has a UID of 0, this misconfiguration should
-be investigated and the accounts other than root should be removed or have
-their UID changed.
-<br />
-If the account is associated with system commands or applications the UID
-should be changed to one greater than "0" but less than "1000."
-Otherwise assign a UID greater than "1000" that has not already been
-assigned.
+Emergency mode is intended as a system recovery
+method, providing a single user root access to the system
+during a failed boot sequence.
+<br /><br />
+By default, Emergency mode is protected by requiring a password and is set
+in <tt>/usr/lib/systemd/system/emergency.service</tt>.
   </td>
   <td xml:lang="en-US">
-An account has root authority if it has a UID of 0. Multiple accounts
-with a UID of 0 afford more opportunity for potential intruders to
-guess a password for a privileged account. Proper configuration of
-sudo is recommended to afford multiple system administrators
-access to root privileges in an accountable manner.
+This prevents attackers with physical access from trivially bypassing security
+on the machine and gaining root access. Such accesses are further prevented
+by configuring the bootloader password.
   </td>
 </tr>
 <tr>
@@ -193,65 +223,64 @@
   </td>
 </tr>
 <tr>
-  <td>3.1.1<br/>3.4.5</td>
-  <td>Require Authentication for Single User Mode</td>
+  <td>3.1.1<br/>3.1.5</td>
+  <td>Restrict Virtual Console Root Logins</td>
   <td xml:lang="en-US">
-Single-user mode is intended as a system recovery
-method, providing a single user root access to the system by
-providing a boot option at startup. By default, no authentication
-is performed if single-user mode is selected.
-<br /><br />
-By default, single-user mode is protected by requiring a password and is set
-in <tt>/usr/lib/systemd/system/rescue.service</tt>.
+To restrict root logins through the (deprecated) virtual console devices,
+ensure lines of this form do not appear in <tt>/etc/securetty</tt>:
+<pre>vc/1
+vc/2
+vc/3
+vc/4</pre>
   </td>
   <td xml:lang="en-US">
-This prevents attackers with physical access from trivially bypassing security
-on the machine and gaining root access. Such accesses are further prevented
-by configuring the bootloader password.
+Preventing direct root login to virtual console devices
+helps ensure accountability for actions taken on the system
+using the root account.
   </td>
 </tr>
 <tr>
/usr/share/doc/scap-security-guide/tables/table-rhel8-nistrefs.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/tables/table-rhel8-nistrefs.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/tables/table-rhel8-nistrefs.html	2022-07-15 00:00:00.000000000 +0000
@@ -42,38 +42,16 @@
   <td>Rationale</td>
 </thead>
 <tr>
-  <td>AU-2(d)<br/>AU-12(c)<br/>CM-6(a)</td>
-  <td>Ensure auditd Collects File Deletion Events by User - rename</td>
-  <td xml:lang="en-US">
-At a minimum, the audit system should collect file deletion events
-for all users and root. If the <tt>auditd</tt> daemon is configured to use the
-<tt>augenrules</tt> program to read audit rules during daemon startup (the
-default), add the following line to a file with suffix <tt>.rules</tt> in the
-directory <tt>/etc/audit/rules.d</tt>, setting ARCH to either b32 or b64 as
-appropriate for your system:
-<pre>-a always,exit -F arch=ARCH -S rename -F auid&gt;=1000 -F auid!=unset -F key=delete</pre>
-If the <tt>auditd</tt> daemon is configured to use the <tt>auditctl</tt>
-utility to read audit rules during daemon startup, add the following line to
-<tt>/etc/audit/audit.rules</tt> file, setting ARCH to either b32 or b64 as
-appropriate for your system:
-<pre>-a always,exit -F arch=ARCH -S rename -F auid&gt;=1000 -F auid!=unset -F key=delete</pre>
-  </td>
-  <td xml:lang="en-US">
-Auditing file deletions will create an audit trail for files that are removed
-from the system. The audit trail could aid in system troubleshooting, as well as, detecting
-malicious processes that attempt to delete log files to conceal their presence.
-  </td>
-</tr>
-<tr>
   <td>IA-2<br/>AC-3<br/>CM-6(a)</td>
-  <td>Require Authentication for Emergency Systemd Target</td>
+  <td>Require Authentication for Single User Mode</td>
   <td xml:lang="en-US">
-Emergency mode is intended as a system recovery
-method, providing a single user root access to the system
-during a failed boot sequence.
+Single-user mode is intended as a system recovery
+method, providing a single user root access to the system by
+providing a boot option at startup. By default, no authentication
+is performed if single-user mode is selected.
 <br /><br />
-By default, Emergency mode is protected by requiring a password and is set
-in <tt>/usr/lib/systemd/system/emergency.service</tt>.
+By default, single-user mode is protected by requiring a password and is set
+in <tt>/usr/lib/systemd/system/rescue.service</tt>.
   </td>
   <td xml:lang="en-US">
 This prevents attackers with physical access from trivially bypassing security
@@ -82,142 +60,110 @@
   </td>
 </tr>
 <tr>
-  <td>AU-2(d)<br/>AU-12(c)<br/>AC-6(9)<br/>CM-6(a)</td>
-  <td>Record Access Events to Audit Log Directory</td>
+  <td>IA-2<br/>AC-6(5)<br/>IA-4(b)</td>
+  <td>Verify Only Root Has UID 0</td>
   <td xml:lang="en-US">
-The audit system should collect access events to read audit log directory.
-The following audit rule will assure that access to audit log directory are
-collected.
-<pre>-a always,exit -F dir=/var/log/audit/ -F perm=r -F auid>=1000 -F auid!=unset -F key=access-audit-trail</pre>
-If the <tt>auditd</tt> daemon is configured to use the <tt>augenrules</tt>
-program to read audit rules during daemon startup (the default), add the
-rule to a file with suffix <tt>.rules</tt> in the directory
-<tt>/etc/audit/rules.d</tt>.
-If the <tt>auditd</tt> daemon is configured to use the <tt>auditctl</tt>
-utility to read audit rules during daemon startup, add the rule to
-<tt>/etc/audit/audit.rules</tt> file.
+If any account other than root has a UID of 0, this misconfiguration should
+be investigated and the accounts other than root should be removed or have
+their UID changed.
+<br />
+If the account is associated with system commands or applications the UID
+should be changed to one greater than "0" but less than "1000."
+Otherwise assign a UID greater than "1000" that has not already been
+assigned.
   </td>
   <td xml:lang="en-US">
-Attempts to read the logs should be recorded, suspicious access to audit log files could be an indicator of malicious activity on a system.
-Auditing these events could serve as evidence of potential system compromise.'
+An account has root authority if it has a UID of 0. Multiple accounts
+with a UID of 0 afford more opportunity for potential intruders to
+guess a password for a privileged account. Proper configuration of
+sudo is recommended to afford multiple system administrators
+access to root privileges in an accountable manner.
   </td>
 </tr>
 <tr>
-  <td>AU-2(d)<br/>AU-12(c)<br/>CM-6(a)</td>
-  <td>Record Events that Modify the System's Mandatory Access Controls</td>
+  <td>AU-2(d)<br/>AU-12(c)<br/>AC-6(9)<br/>CM-6(a)</td>
+  <td>Ensure auditd Collects Information on Kernel Module Unloading - delete_module</td>
   <td xml:lang="en-US">
-If the <tt>auditd</tt> daemon is configured to use the
-<tt>augenrules</tt> program to read audit rules during daemon startup (the
-default), add the following line to a file with suffix <tt>.rules</tt> in the
-directory <tt>/etc/audit/rules.d</tt>:
-<pre>-w /etc/selinux/ -p wa -k MAC-policy</pre>
-If the <tt>auditd</tt> daemon is configured to use the <tt>auditctl</tt>
-utility to read audit rules during daemon startup, add the following line to
-<tt>/etc/audit/audit.rules</tt> file:
-<pre>-w /etc/selinux/ -p wa -k MAC-policy</pre>
+To capture kernel module unloading events, use following line, setting ARCH to
+either b32 for 32-bit system, or having two lines for both b32 and b64 in case your system is 64-bit:
+
+<pre>-a always,exit -F arch=<i>ARCH</i> -S delete_module -F auid>=1000 -F auid!=unset -F key=modules</pre>
+
+
+Place to add the line depends on a way <tt>auditd</tt> daemon is configured. If it is configured
+to use the <tt>augenrules</tt> program (the default), add the line to a file with suffix
+<tt>.rules</tt> in the directory <tt>/etc/audit/rules.d</tt>.
+
+If the <tt>auditd</tt> daemon is configured to use the <tt>auditctl</tt> utility,
+add the line to file <tt>/etc/audit/audit.rules</tt>.
   </td>
   <td xml:lang="en-US">
-The system's mandatory access policy (SELinux) should not be
-arbitrarily changed by anything other than administrator action. All changes to
-MAC policy should be audited.
+The removal of kernel modules can be used to alter the behavior of
+the kernel and potentially introduce malicious code into kernel space. It is important
+to have an audit trail of modules that have been introduced into the kernel.
   </td>
 </tr>
 <tr>
   <td>AU-2(d)<br/>AU-12(c)<br/>CM-6(a)</td>
-  <td>Record Unsuccessful Access Attempts to Files - creat</td>
+  <td>Record Events that Modify the System's Discretionary Access Controls - fchownat</td>
   <td xml:lang="en-US">
-At a minimum, the audit system should collect unauthorized file
-accesses for all users and root. If the <tt>auditd</tt> daemon is configured
+At a minimum, the audit system should collect file permission
+changes for all users and root. If the <tt>auditd</tt> daemon is configured
 to use the <tt>augenrules</tt> program to read audit rules during daemon
-startup (the default), add the following lines to a file with suffix
+startup (the default), add the following line to a file with suffix
 <tt>.rules</tt> in the directory <tt>/etc/audit/rules.d</tt>:
-<pre>-a always,exit -F arch=b32 -S creat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
--a always,exit -F arch=b32 -S creat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre>
-If the system is 64 bit then also add the following lines:
-<pre>
--a always,exit -F arch=b64 -S creat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
--a always,exit -F arch=b64 -S creat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre>
+<pre>-a always,exit -F arch=b32 -S fchownat -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
+If the system is 64 bit then also add the following line:
+<pre>-a always,exit -F arch=b64 -S fchownat -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
 If the <tt>auditd</tt> daemon is configured to use the <tt>auditctl</tt>
-utility to read audit rules during daemon startup, add the following lines to
+utility to read audit rules during daemon startup, add the following line to
 <tt>/etc/audit/audit.rules</tt> file:
-<pre>-a always,exit -F arch=b32 -S creat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
--a always,exit -F arch=b32 -S creat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre>
-If the system is 64 bit then also add the following lines:
-<pre>
--a always,exit -F arch=b64 -S creat -F exit=-EACCES -F auid&gt;=1000 -F auid!=unset -F key=access
--a always,exit -F arch=b64 -S creat -F exit=-EPERM -F auid&gt;=1000 -F auid!=unset -F key=access</pre>
-  </td>
-  <td xml:lang="en-US">
-Unsuccessful attempts to access files could be an indicator of malicious activity on a system. Auditing
-these events could serve as evidence of potential system compromise.
-  </td>
-</tr>
-<tr>
-  <td>AU-2(d)<br/>AU-12(c)<br/>AC-6(9)<br/>CM-6(a)</td>
-  <td>Record Attempts to Alter Logon and Logout Events - lastlog</td>
-  <td xml:lang="en-US">
-The audit system already collects login information for all users
-and root. If the <tt>auditd</tt> daemon is configured to use the
-<tt>augenrules</tt> program to read audit rules during daemon startup (the
-default), add the following lines to a file with suffix <tt>.rules</tt> in the
-directory <tt>/etc/audit/rules.d</tt> in order to watch for attempted manual
-edits of files involved in storing logon events:
-<pre>-w /var/log/lastlog -p wa -k logins</pre>
-If the <tt>auditd</tt> daemon is configured to use the <tt>auditctl</tt>
-utility to read audit rules during daemon startup, add the following lines to
-<tt>/etc/audit/audit.rules</tt> file in order to watch for unattempted manual
-edits of files involved in storing logon events:
-<pre>-w /var/log/lastlog -p wa -k logins</pre>
+<pre>-a always,exit -F arch=b32 -S fchownat -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
+If the system is 64 bit then also add the following line:
+<pre>-a always,exit -F arch=b64 -S fchownat -F auid&gt;=1000 -F auid!=unset -F key=perm_mod</pre>
   </td>
   <td xml:lang="en-US">
-Manual editing of these files may indicate nefarious activity, such
-as an attacker attempting to remove evidence of an intrusion.
+The changing of file permissions could indicate that a user is attempting to
+gain access to information that would otherwise be disallowed. Auditing DAC modifications
+can facilitate the identification of patterns of abuse among both authorized and
+unauthorized users.
   </td>
 </tr>
 <tr>
   <td>AU-2(d)<br/>AU-12(c)<br/>AC-6(9)<br/>CM-6(a)</td>
-  <td>Record Attempts to Alter Time Through clock_settime</td>
+  <td>Record Access Events to Audit Log Directory</td>
   <td xml:lang="en-US">
-If the <tt>auditd</tt> daemon is configured to use the
-<tt>augenrules</tt> program to read audit rules during daemon startup (the
-default), add the following line to a file with suffix <tt>.rules</tt> in the
-directory <tt>/etc/audit/rules.d</tt>:
/usr/share/doc/scap-security-guide/tables/table-rhel8-pcidssrefs.html differs (HTML document, ASCII text, with very long lines)
--- old//usr/share/doc/scap-security-guide/tables/table-rhel8-pcidssrefs.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/tables/table-rhel8-pcidssrefs.html	2022-07-15 00:00:00.000000000 +0000
@@ -76,30 +76,25 @@
 </tr>
 <tr>
   <td>Req-6.2</td>
-  <td>Ensure gpgcheck Enabled In Main yum Configuration</td>
+  <td>Ensure Software Patches Installed</td>
   <td xml:lang="en-US">
-The <tt>gpgcheck</tt> option controls whether
-RPM packages' signatures are always checked prior to installation.
-To configure yum to check package signatures before installing
-them, ensure the following line appears in <tt>/etc/yum.conf</tt> in
-the <tt>[main]</tt> section:
-<pre>gpgcheck=1</pre>
+
+If the system is joined to the Red Hat Network, a Red Hat Satellite Server,
+or a yum server, run the following command to install updates:
+<pre>$ sudo yum update</pre>
+If the system is not configured to use one of these sources, updates (in the form of RPM packages)
+can be manually downloaded from the Red Hat Network and installed using <tt>rpm</tt>.
+
+<br /><br />
+NOTE: U.S. Defense systems are required to be patched within 30 days or sooner as local policy
+dictates.
   </td>
   <td xml:lang="en-US">
-Changes to any software components can have significant effects on the
-overall security of the operating system. This requirement ensures the
-software has not been tampered with and that it has been provided by a
-trusted vendor.
-<br />
-Accordingly, patches, service packs, device drivers, or operating system
-components must be signed with a certificate recognized and approved by the
-organization.
-<br />Verifying the authenticity of the software prior to installation
-validates the integrity of the patch or upgrade received from a vendor.
-This ensures the software has not been tampered with and that it has been
-provided by a trusted vendor. Self-signed certificates are disallowed by
-this requirement. Certificates used to verify the software must be from an
-approved Certificate Authority (CA).
+Installing software updates is a fundamental mitigation against
+the exploitation of publicly-known vulnerabilities. If the most
+recent security patches and updates are not installed, unauthorized
+users may take advantage of weaknesses in the unpatched software. The
+lack of prompt attention to patching could result in a system compromise.
   </td>
 </tr>
 <tr>
@@ -133,87 +128,92 @@
 </tr>
 <tr>
   <td>Req-6.2</td>
-  <td>Ensure Software Patches Installed</td>
+  <td>Ensure gpgcheck Enabled In Main yum Configuration</td>
   <td xml:lang="en-US">
-
-If the system is joined to the Red Hat Network, a Red Hat Satellite Server,
-or a yum server, run the following command to install updates:
-<pre>$ sudo yum update</pre>
-If the system is not configured to use one of these sources, updates (in the form of RPM packages)
-can be manually downloaded from the Red Hat Network and installed using <tt>rpm</tt>.
-
-<br /><br />
-NOTE: U.S. Defense systems are required to be patched within 30 days or sooner as local policy
-dictates.
+The <tt>gpgcheck</tt> option controls whether
+RPM packages' signatures are always checked prior to installation.
+To configure yum to check package signatures before installing
+them, ensure the following line appears in <tt>/etc/yum.conf</tt> in
+the <tt>[main]</tt> section:
+<pre>gpgcheck=1</pre>
   </td>
   <td xml:lang="en-US">
-Installing software updates is a fundamental mitigation against
-the exploitation of publicly-known vulnerabilities. If the most
-recent security patches and updates are not installed, unauthorized
-users may take advantage of weaknesses in the unpatched software. The
-lack of prompt attention to patching could result in a system compromise.
+Changes to any software components can have significant effects on the
+overall security of the operating system. This requirement ensures the
+software has not been tampered with and that it has been provided by a
+trusted vendor.
+<br />
+Accordingly, patches, service packs, device drivers, or operating system
+components must be signed with a certificate recognized and approved by the
+organization.
+<br />Verifying the authenticity of the software prior to installation
+validates the integrity of the patch or upgrade received from a vendor.
+This ensures the software has not been tampered with and that it has been
+provided by a trusted vendor. Self-signed certificates are disallowed by
+this requirement. Certificates used to verify the software must be from an
+approved Certificate Authority (CA).
   </td>
 </tr>
 <tr>
   <td>Req-7.1</td>
-  <td>Verify the UEFI Boot Loader grub.cfg User Ownership</td>
+  <td>Verify /boot/grub2/grub.cfg Group Ownership</td>
   <td xml:lang="en-US">
-The file <tt>/boot/efi/EFI/redhat/grub.cfg</tt> should
-be owned by the <tt>root</tt> user to prevent destruction
-or modification of the file.
+The file <tt>/boot/grub2/grub.cfg</tt> should
+be group-owned by the <tt>root</tt> group to prevent
+destruction or modification of the file.
 
-To properly set the owner of <code>/boot/efi/EFI/redhat/grub.cfg</code>, run the command:
-<pre>$ sudo chown root /boot/efi/EFI/redhat/grub.cfg </pre>
+To properly set the group owner of <code>/boot/grub2/grub.cfg</code>, run the command:
+<pre>$ sudo chgrp root /boot/grub2/grub.cfg</pre>
   </td>
   <td xml:lang="en-US">
-Only root should be able to modify important boot parameters.
+The <tt>root</tt> group is a highly-privileged group. Furthermore, the group-owner of this
+file should not have any access privileges anyway.
   </td>
 </tr>
 <tr>
   <td>Req-7.1</td>
-  <td>Verify /boot/grub2/grub.cfg User Ownership</td>
+  <td>Verify the UEFI Boot Loader grub.cfg Group Ownership</td>
   <td xml:lang="en-US">
-The file <tt>/boot/grub2/grub.cfg</tt> should
-be owned by the <tt>root</tt> user to prevent destruction
-or modification of the file.
+The file <tt>/boot/efi/EFI/redhat/grub.cfg</tt> should
+be group-owned by the <tt>root</tt> group to prevent
+destruction or modification of the file.
 
-To properly set the owner of <code>/boot/grub2/grub.cfg</code>, run the command:
-<pre>$ sudo chown root /boot/grub2/grub.cfg </pre>
+To properly set the group owner of <code>/boot/efi/EFI/redhat/grub.cfg</code>, run the command:
+<pre>$ sudo chgrp root /boot/efi/EFI/redhat/grub.cfg</pre>
   </td>
   <td xml:lang="en-US">
-Only root should be able to modify important boot parameters.
+The <tt>root</tt> group is a highly-privileged group. Furthermore, the group-owner of this
+file should not have any access privileges anyway.
   </td>
 </tr>
 <tr>
   <td>Req-7.1</td>
-  <td>Verify /boot/grub2/grub.cfg Group Ownership</td>
+  <td>Verify /boot/grub2/grub.cfg User Ownership</td>
   <td xml:lang="en-US">
 The file <tt>/boot/grub2/grub.cfg</tt> should
-be group-owned by the <tt>root</tt> group to prevent
-destruction or modification of the file.
+be owned by the <tt>root</tt> user to prevent destruction
+or modification of the file.
 
-To properly set the group owner of <code>/boot/grub2/grub.cfg</code>, run the command:
-<pre>$ sudo chgrp root /boot/grub2/grub.cfg</pre>
+To properly set the owner of <code>/boot/grub2/grub.cfg</code>, run the command:
+<pre>$ sudo chown root /boot/grub2/grub.cfg </pre>
   </td>
   <td xml:lang="en-US">
-The <tt>root</tt> group is a highly-privileged group. Furthermore, the group-owner of this
-file should not have any access privileges anyway.
+Only root should be able to modify important boot parameters.
   </td>
 </tr>
 <tr>
   <td>Req-7.1</td>
-  <td>Verify the UEFI Boot Loader grub.cfg Group Ownership</td>
+  <td>Verify the UEFI Boot Loader grub.cfg User Ownership</td>
   <td xml:lang="en-US">
 The file <tt>/boot/efi/EFI/redhat/grub.cfg</tt> should
-be group-owned by the <tt>root</tt> group to prevent
-destruction or modification of the file.
+be owned by the <tt>root</tt> user to prevent destruction
+or modification of the file.
 
-To properly set the group owner of <code>/boot/efi/EFI/redhat/grub.cfg</code>, run the command:
-<pre>$ sudo chgrp root /boot/efi/EFI/redhat/grub.cfg</pre>
+To properly set the owner of <code>/boot/efi/EFI/redhat/grub.cfg</code>, run the command:
+<pre>$ sudo chown root /boot/efi/EFI/redhat/grub.cfg </pre>
   </td>
   <td xml:lang="en-US">
-The <tt>root</tt> group is a highly-privileged group. Furthermore, the group-owner of this
-file should not have any access privileges anyway.
+Only root should be able to modify important boot parameters.
   </td>
 </tr>
 <tr>
@@ -290,24 +290,42 @@
 </tr>
 <tr>
   <td>Req-8.1.8</td>
-  <td>Set SSH Client Alive Count Max</td>
+  <td>Ensure Users Cannot Change GNOME3 Screensaver Idle Activation</td>
   <td xml:lang="en-US">
-The SSH server sends at most <tt>ClientAliveCountMax</tt> messages
-during a SSH session and waits for a response from the SSH client.
-The option <tt>ClientAliveInterval</tt> configures timeout after
-each <tt>ClientAliveCountMax</tt> message. If the SSH server does not
-receive a response from the client, then the connection is considered idle
-and terminated.
-For SSH earlier than v8.2, a <tt>ClientAliveCountMax</tt> value of <tt>0</tt>
/usr/share/scap-security-guide/tailoring/rhel7_stig_delta_tailoring.xml differs (ASCII text, with very long lines)
--- old//usr/share/scap-security-guide/tailoring/rhel7_stig_delta_tailoring.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/scap-security-guide/tailoring/rhel7_stig_delta_tailoring.xml	2022-07-15 00:00:00.000000000 +0000
@@ -1,4 +1,4 @@
-<xccdf-1.2:Tailoring xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2" id="xccdf_content-disa-delta_tailoring_default"><xccdf-1.2:version time="2022-07-18T21:42:36.300000">1</xccdf-1.2:version><xccdf-1.2:Profile id="xccdf_org.ssgproject.content_profile_stig_delta_tailoring" extends="xccdf_org.ssgproject.content_profile_stig"><xccdf-1.2:title override="true">DISA STIG for Red Hat Enterprise Linux 7</xccdf-1.2:title>
+<xccdf-1.2:Tailoring xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2" id="xccdf_content-disa-delta_tailoring_default"><xccdf-1.2:version time="2022-07-18T21:43:52.406837">1</xccdf-1.2:version><xccdf-1.2:Profile id="xccdf_org.ssgproject.content_profile_stig_delta_tailoring" extends="xccdf_org.ssgproject.content_profile_stig"><xccdf-1.2:title override="true">DISA STIG for Red Hat Enterprise Linux 7</xccdf-1.2:title>
         <xccdf-1.2:description override="true">This profile contains configuration checks that align to the
 DISA STIG for Red Hat Enterprise Linux V3R7.
 
/usr/share/scap-security-guide/tailoring/rhel8_stig_delta_tailoring.xml differs (ASCII text, with very long lines)
--- old//usr/share/scap-security-guide/tailoring/rhel8_stig_delta_tailoring.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/scap-security-guide/tailoring/rhel8_stig_delta_tailoring.xml	2022-07-15 00:00:00.000000000 +0000
@@ -1,4 +1,4 @@
-<xccdf-1.2:Tailoring xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2" id="xccdf_content-disa-delta_tailoring_default"><xccdf-1.2:version time="2022-07-18T21:45:51.106124">1</xccdf-1.2:version><xccdf-1.2:Profile id="xccdf_org.ssgproject.content_profile_stig_delta_tailoring" extends="xccdf_org.ssgproject.content_profile_stig"><xccdf-1.2:title override="true">DISA STIG for Red Hat Enterprise Linux 8</xccdf-1.2:title>
+<xccdf-1.2:Tailoring xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2" id="xccdf_content-disa-delta_tailoring_default"><xccdf-1.2:version time="2022-07-18T21:47:53.215977">1</xccdf-1.2:version><xccdf-1.2:Profile id="xccdf_org.ssgproject.content_profile_stig_delta_tailoring" extends="xccdf_org.ssgproject.content_profile_stig"><xccdf-1.2:title override="true">DISA STIG for Red Hat Enterprise Linux 8</xccdf-1.2:title>
         <xccdf-1.2:description override="true">This profile contains configuration checks that align to the
 DISA STIG for Red Hat Enterprise Linux 8 V1R6.
 
/usr/share/xml/scap/ssg/content/ssg-centos7-ds-1.2.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-centos7-ds-1.2.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-centos7-ds-1.2.xml	2022-07-15 00:00:00.000000000 +0000
@@ -205,14 +205,19 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.2:rear-matter>
       <cpe-lang:platform-specification>
-        <cpe-lang:platform id="audit">
+        <cpe-lang:platform id="uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:audit"/>
+            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="pam">
+        <cpe-lang:platform id="systemd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:pam"/>
+            <cpe-lang:fact-ref name="cpe:/a:systemd"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="grub2">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="yum">
@@ -220,29 +225,40 @@
             <cpe-lang:fact-ref name="cpe:/a:yum"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="tftp-server">
+        <cpe-lang:platform id="aarch64_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:tftp-server"/>
+            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sssd">
+        <cpe-lang:platform id="polkit">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+            <cpe-lang:fact-ref name="cpe:/a:polkit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="nss-pam-ldapd">
+        <cpe-lang:platform id="chrony">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:nss-pam-ldapd"/>
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="polkit">
+        <cpe-lang:platform id="libuser">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:polkit"/>
+            <cpe-lang:fact-ref name="cpe:/a:libuser"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="grub2">
+        <cpe-lang:platform id="login_defs">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
+            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="sssd">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="chrony_or_ntp">
+          <cpe-lang:logical-test operator="OR" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="wifi-iface">
@@ -250,34 +266,34 @@
             <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sssd-ldap">
+        <cpe-lang:platform id="postfix">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sssd-ldap"/>
+            <cpe-lang:fact-ref name="cpe:/a:postfix"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="aarch64_arch">
+        <cpe-lang:platform id="nss-pam-ldapd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:nss-pam-ldapd"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="non-uefi">
+        <cpe-lang:platform id="ntp">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="chrony">
+        <cpe-lang:platform id="sssd-ldap">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:sssd-ldap"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="postfix">
+        <cpe-lang:platform id="pam">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:postfix"/>
+            <cpe-lang:fact-ref name="cpe:/a:pam"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="uefi">
+        <cpe-lang:platform id="audit">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:audit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="machine_and_chrony_or_ntp">
@@ -289,14 +305,9 @@
             <cpe-lang:fact-ref name="cpe:/a:machine"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="libuser">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:libuser"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="sudo">
+        <cpe-lang:platform id="gdm">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="machine">
@@ -304,20 +315,9 @@
             <cpe-lang:fact-ref name="cpe:/a:machine"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="s390x_arch">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="chrony_or_ntp">
-          <cpe-lang:logical-test operator="OR" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="login_defs">
+        <cpe-lang:platform id="sudo">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="net-snmp">
@@ -325,24 +325,24 @@
             <cpe-lang:fact-ref name="cpe:/a:net-snmp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="systemd">
+        <cpe-lang:platform id="s390x_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:systemd"/>
+            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="ntp">
+        <cpe-lang:platform id="not_s390x_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+            <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="not_s390x_arch">
+        <cpe-lang:platform id="tftp-server">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:tftp-server"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="gdm">
+        <cpe-lang:platform id="non-uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
+            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
       </cpe-lang:platform-specification>
@@ -2215,11 +2215,6 @@
                   <xccdf-1.2:fix system="urn:redhat:anaconda:pre" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
 package --add=aide
/usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml	2022-07-15 00:00:00.000000000 +0000
@@ -207,14 +207,19 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.2:rear-matter>
       <cpe-lang:platform-specification>
-        <cpe-lang:platform id="audit">
+        <cpe-lang:platform id="uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:audit"/>
+            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="pam">
+        <cpe-lang:platform id="systemd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:pam"/>
+            <cpe-lang:fact-ref name="cpe:/a:systemd"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="grub2">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="yum">
@@ -222,29 +227,40 @@
             <cpe-lang:fact-ref name="cpe:/a:yum"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="tftp-server">
+        <cpe-lang:platform id="aarch64_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:tftp-server"/>
+            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sssd">
+        <cpe-lang:platform id="polkit">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+            <cpe-lang:fact-ref name="cpe:/a:polkit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="nss-pam-ldapd">
+        <cpe-lang:platform id="chrony">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:nss-pam-ldapd"/>
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="polkit">
+        <cpe-lang:platform id="libuser">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:polkit"/>
+            <cpe-lang:fact-ref name="cpe:/a:libuser"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="grub2">
+        <cpe-lang:platform id="login_defs">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
+            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="sssd">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="chrony_or_ntp">
+          <cpe-lang:logical-test operator="OR" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="wifi-iface">
@@ -252,34 +268,34 @@
             <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sssd-ldap">
+        <cpe-lang:platform id="postfix">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sssd-ldap"/>
+            <cpe-lang:fact-ref name="cpe:/a:postfix"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="aarch64_arch">
+        <cpe-lang:platform id="nss-pam-ldapd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:nss-pam-ldapd"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="non-uefi">
+        <cpe-lang:platform id="ntp">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="chrony">
+        <cpe-lang:platform id="sssd-ldap">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:sssd-ldap"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="postfix">
+        <cpe-lang:platform id="pam">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:postfix"/>
+            <cpe-lang:fact-ref name="cpe:/a:pam"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="uefi">
+        <cpe-lang:platform id="audit">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:audit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="machine_and_chrony_or_ntp">
@@ -291,14 +307,9 @@
             <cpe-lang:fact-ref name="cpe:/a:machine"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="libuser">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:libuser"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="sudo">
+        <cpe-lang:platform id="gdm">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="machine">
@@ -306,20 +317,9 @@
             <cpe-lang:fact-ref name="cpe:/a:machine"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="s390x_arch">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="chrony_or_ntp">
-          <cpe-lang:logical-test operator="OR" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="login_defs">
+        <cpe-lang:platform id="sudo">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="net-snmp">
@@ -327,24 +327,24 @@
             <cpe-lang:fact-ref name="cpe:/a:net-snmp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="systemd">
+        <cpe-lang:platform id="s390x_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:systemd"/>
+            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="ntp">
+        <cpe-lang:platform id="not_s390x_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+            <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="not_s390x_arch">
+        <cpe-lang:platform id="tftp-server">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:tftp-server"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="gdm">
+        <cpe-lang:platform id="non-uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
+            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
       </cpe-lang:platform-specification>
@@ -2217,11 +2217,6 @@
                   <xccdf-1.2:fix system="urn:redhat:anaconda:pre" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
 package --add=aide
/usr/share/xml/scap/ssg/content/ssg-centos7-xccdf.xml differs (ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-centos7-xccdf.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-centos7-xccdf.xml	2022-07-15 00:00:00.000000000 +0000
@@ -51,14 +51,19 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.1:rear-matter>
   <cpe-lang:platform-specification>
-    <cpe-lang:platform id="audit">
+    <cpe-lang:platform id="uefi">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:audit" />
+        <cpe-lang:fact-ref name="cpe:/a:uefi" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="pam">
+    <cpe-lang:platform id="systemd">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:pam" />
+        <cpe-lang:fact-ref name="cpe:/a:systemd" />
+      </cpe-lang:logical-test>
+    </cpe-lang:platform>
+    <cpe-lang:platform id="grub2">
+      <cpe-lang:logical-test operator="AND" negate="false">
+        <cpe-lang:fact-ref name="cpe:/a:grub2" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="yum">
@@ -66,29 +71,40 @@
         <cpe-lang:fact-ref name="cpe:/a:yum" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="tftp-server">
+    <cpe-lang:platform id="aarch64_arch">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:tftp-server" />
+        <cpe-lang:fact-ref name="cpe:/a:aarch64_arch" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="sssd">
+    <cpe-lang:platform id="polkit">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:sssd" />
+        <cpe-lang:fact-ref name="cpe:/a:polkit" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="nss-pam-ldapd">
+    <cpe-lang:platform id="chrony">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:nss-pam-ldapd" />
+        <cpe-lang:fact-ref name="cpe:/a:chrony" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="polkit">
+    <cpe-lang:platform id="libuser">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:polkit" />
+        <cpe-lang:fact-ref name="cpe:/a:libuser" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="grub2">
+    <cpe-lang:platform id="login_defs">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:grub2" />
+        <cpe-lang:fact-ref name="cpe:/a:login_defs" />
+      </cpe-lang:logical-test>
+    </cpe-lang:platform>
+    <cpe-lang:platform id="sssd">
+      <cpe-lang:logical-test operator="AND" negate="false">
+        <cpe-lang:fact-ref name="cpe:/a:sssd" />
+      </cpe-lang:logical-test>
+    </cpe-lang:platform>
+    <cpe-lang:platform id="chrony_or_ntp">
+      <cpe-lang:logical-test operator="OR" negate="false">
+        <cpe-lang:fact-ref name="cpe:/a:chrony" />
+        <cpe-lang:fact-ref name="cpe:/a:ntp" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="wifi-iface">
@@ -96,34 +112,34 @@
         <cpe-lang:fact-ref name="cpe:/a:wifi-iface" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="sssd-ldap">
+    <cpe-lang:platform id="postfix">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:sssd-ldap" />
+        <cpe-lang:fact-ref name="cpe:/a:postfix" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="aarch64_arch">
+    <cpe-lang:platform id="nss-pam-ldapd">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:aarch64_arch" />
+        <cpe-lang:fact-ref name="cpe:/a:nss-pam-ldapd" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="non-uefi">
+    <cpe-lang:platform id="ntp">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:non-uefi" />
+        <cpe-lang:fact-ref name="cpe:/a:ntp" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="chrony">
+    <cpe-lang:platform id="sssd-ldap">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:chrony" />
+        <cpe-lang:fact-ref name="cpe:/a:sssd-ldap" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="postfix">
+    <cpe-lang:platform id="pam">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:postfix" />
+        <cpe-lang:fact-ref name="cpe:/a:pam" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="uefi">
+    <cpe-lang:platform id="audit">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:uefi" />
+        <cpe-lang:fact-ref name="cpe:/a:audit" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="machine_and_chrony_or_ntp">
@@ -135,14 +151,9 @@
         <cpe-lang:fact-ref name="cpe:/a:machine" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="libuser">
-      <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:libuser" />
-      </cpe-lang:logical-test>
-    </cpe-lang:platform>
-    <cpe-lang:platform id="sudo">
+    <cpe-lang:platform id="gdm">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:sudo" />
+        <cpe-lang:fact-ref name="cpe:/a:gdm" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="machine">
@@ -150,20 +161,9 @@
         <cpe-lang:fact-ref name="cpe:/a:machine" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="s390x_arch">
-      <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:s390x_arch" />
-      </cpe-lang:logical-test>
-    </cpe-lang:platform>
-    <cpe-lang:platform id="chrony_or_ntp">
-      <cpe-lang:logical-test operator="OR" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:chrony" />
-        <cpe-lang:fact-ref name="cpe:/a:ntp" />
-      </cpe-lang:logical-test>
-    </cpe-lang:platform>
-    <cpe-lang:platform id="login_defs">
+    <cpe-lang:platform id="sudo">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:login_defs" />
+        <cpe-lang:fact-ref name="cpe:/a:sudo" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="net-snmp">
@@ -171,24 +171,24 @@
         <cpe-lang:fact-ref name="cpe:/a:net-snmp" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="systemd">
+    <cpe-lang:platform id="s390x_arch">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:systemd" />
+        <cpe-lang:fact-ref name="cpe:/a:s390x_arch" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="ntp">
+    <cpe-lang:platform id="not_s390x_arch">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:ntp" />
+        <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="not_s390x_arch">
+    <cpe-lang:platform id="tftp-server">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch" />
+        <cpe-lang:fact-ref name="cpe:/a:tftp-server" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="gdm">
+    <cpe-lang:platform id="non-uefi">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:gdm" />
+        <cpe-lang:fact-ref name="cpe:/a:non-uefi" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
   </cpe-lang:platform-specification>
@@ -2061,11 +2061,6 @@
               <xccdf-1.1:fix system="urn:redhat:anaconda:pre" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
 package --add=aide
/usr/share/xml/scap/ssg/content/ssg-centos8-ds-1.2.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-centos8-ds-1.2.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-centos8-ds-1.2.xml	2022-07-15 00:00:00.000000000 +0000
@@ -241,14 +241,19 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.2:rear-matter>
       <cpe-lang:platform-specification>
-        <cpe-lang:platform id="audit">
+        <cpe-lang:platform id="uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:audit"/>
+            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="pam">
+        <cpe-lang:platform id="systemd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:pam"/>
+            <cpe-lang:fact-ref name="cpe:/a:systemd"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="grub2">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="yum">
@@ -256,69 +261,75 @@
             <cpe-lang:fact-ref name="cpe:/a:yum"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="tftp-server">
+        <cpe-lang:platform id="aarch64_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:tftp-server"/>
+            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sssd">
+        <cpe-lang:platform id="polkit">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+            <cpe-lang:fact-ref name="cpe:/a:polkit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="nss-pam-ldapd">
+        <cpe-lang:platform id="chrony">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:nss-pam-ldapd"/>
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="polkit">
+        <cpe-lang:platform id="libuser">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:polkit"/>
+            <cpe-lang:fact-ref name="cpe:/a:libuser"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="grub2">
+        <cpe-lang:platform id="login_defs">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
+            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="wifi-iface">
+        <cpe-lang:platform id="sssd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
+            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sssd-ldap">
+        <cpe-lang:platform id="chrony_or_ntp">
+          <cpe-lang:logical-test operator="OR" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="wifi-iface">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sssd-ldap"/>
+            <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="aarch64_arch">
+        <cpe-lang:platform id="postfix">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:postfix"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="no_ovirt">
+        <cpe-lang:platform id="nss-pam-ldapd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:no_ovirt"/>
+            <cpe-lang:fact-ref name="cpe:/a:nss-pam-ldapd"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="non-uefi">
+        <cpe-lang:platform id="ntp">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="chrony">
+        <cpe-lang:platform id="sssd-ldap">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:sssd-ldap"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="postfix">
+        <cpe-lang:platform id="pam">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:postfix"/>
+            <cpe-lang:fact-ref name="cpe:/a:pam"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="uefi">
+        <cpe-lang:platform id="audit">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:audit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="machine_and_chrony_or_ntp">
@@ -330,14 +341,14 @@
             <cpe-lang:fact-ref name="cpe:/a:machine"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="libuser">
+        <cpe-lang:platform id="no_ovirt">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:libuser"/>
+            <cpe-lang:fact-ref name="cpe:/a:no_ovirt"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sudo">
+        <cpe-lang:platform id="gdm">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="machine">
@@ -345,25 +356,14 @@
             <cpe-lang:fact-ref name="cpe:/a:machine"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="s390x_arch">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="chrony_or_ntp">
-          <cpe-lang:logical-test operator="OR" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
         <cpe-lang:platform id="usbguard">
           <cpe-lang:logical-test operator="AND" negate="false">
             <cpe-lang:fact-ref name="cpe:/a:usbguard"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="login_defs">
+        <cpe-lang:platform id="sudo">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="net-snmp">
@@ -371,24 +371,24 @@
             <cpe-lang:fact-ref name="cpe:/a:net-snmp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="systemd">
+        <cpe-lang:platform id="s390x_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:systemd"/>
+            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="ntp">
+        <cpe-lang:platform id="not_s390x_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+            <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="not_s390x_arch">
+        <cpe-lang:platform id="tftp-server">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:tftp-server"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
/usr/share/xml/scap/ssg/content/ssg-centos8-ds.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-centos8-ds.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-centos8-ds.xml	2022-07-15 00:00:00.000000000 +0000
@@ -243,14 +243,19 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.2:rear-matter>
       <cpe-lang:platform-specification>
-        <cpe-lang:platform id="audit">
+        <cpe-lang:platform id="uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:audit"/>
+            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="pam">
+        <cpe-lang:platform id="systemd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:pam"/>
+            <cpe-lang:fact-ref name="cpe:/a:systemd"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="grub2">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="yum">
@@ -258,69 +263,75 @@
             <cpe-lang:fact-ref name="cpe:/a:yum"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="tftp-server">
+        <cpe-lang:platform id="aarch64_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:tftp-server"/>
+            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sssd">
+        <cpe-lang:platform id="polkit">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+            <cpe-lang:fact-ref name="cpe:/a:polkit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="nss-pam-ldapd">
+        <cpe-lang:platform id="chrony">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:nss-pam-ldapd"/>
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="polkit">
+        <cpe-lang:platform id="libuser">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:polkit"/>
+            <cpe-lang:fact-ref name="cpe:/a:libuser"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="grub2">
+        <cpe-lang:platform id="login_defs">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
+            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="wifi-iface">
+        <cpe-lang:platform id="sssd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
+            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sssd-ldap">
+        <cpe-lang:platform id="chrony_or_ntp">
+          <cpe-lang:logical-test operator="OR" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="wifi-iface">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sssd-ldap"/>
+            <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="aarch64_arch">
+        <cpe-lang:platform id="postfix">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:postfix"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="no_ovirt">
+        <cpe-lang:platform id="nss-pam-ldapd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:no_ovirt"/>
+            <cpe-lang:fact-ref name="cpe:/a:nss-pam-ldapd"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="non-uefi">
+        <cpe-lang:platform id="ntp">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="chrony">
+        <cpe-lang:platform id="sssd-ldap">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:sssd-ldap"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="postfix">
+        <cpe-lang:platform id="pam">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:postfix"/>
+            <cpe-lang:fact-ref name="cpe:/a:pam"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="uefi">
+        <cpe-lang:platform id="audit">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:audit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="machine_and_chrony_or_ntp">
@@ -332,14 +343,14 @@
             <cpe-lang:fact-ref name="cpe:/a:machine"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="libuser">
+        <cpe-lang:platform id="no_ovirt">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:libuser"/>
+            <cpe-lang:fact-ref name="cpe:/a:no_ovirt"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sudo">
+        <cpe-lang:platform id="gdm">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="machine">
@@ -347,25 +358,14 @@
             <cpe-lang:fact-ref name="cpe:/a:machine"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="s390x_arch">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="chrony_or_ntp">
-          <cpe-lang:logical-test operator="OR" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
         <cpe-lang:platform id="usbguard">
           <cpe-lang:logical-test operator="AND" negate="false">
             <cpe-lang:fact-ref name="cpe:/a:usbguard"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="login_defs">
+        <cpe-lang:platform id="sudo">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="net-snmp">
@@ -373,24 +373,24 @@
             <cpe-lang:fact-ref name="cpe:/a:net-snmp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="systemd">
+        <cpe-lang:platform id="s390x_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:systemd"/>
+            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="ntp">
+        <cpe-lang:platform id="not_s390x_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+            <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="not_s390x_arch">
+        <cpe-lang:platform id="tftp-server">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:tftp-server"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
/usr/share/xml/scap/ssg/content/ssg-centos8-xccdf.xml differs (ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-centos8-xccdf.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-centos8-xccdf.xml	2022-07-15 00:00:00.000000000 +0000
@@ -51,14 +51,19 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.1:rear-matter>
   <cpe-lang:platform-specification>
-    <cpe-lang:platform id="audit">
+    <cpe-lang:platform id="uefi">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:audit" />
+        <cpe-lang:fact-ref name="cpe:/a:uefi" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="pam">
+    <cpe-lang:platform id="systemd">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:pam" />
+        <cpe-lang:fact-ref name="cpe:/a:systemd" />
+      </cpe-lang:logical-test>
+    </cpe-lang:platform>
+    <cpe-lang:platform id="grub2">
+      <cpe-lang:logical-test operator="AND" negate="false">
+        <cpe-lang:fact-ref name="cpe:/a:grub2" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="yum">
@@ -66,69 +71,75 @@
         <cpe-lang:fact-ref name="cpe:/a:yum" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="tftp-server">
+    <cpe-lang:platform id="aarch64_arch">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:tftp-server" />
+        <cpe-lang:fact-ref name="cpe:/a:aarch64_arch" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="sssd">
+    <cpe-lang:platform id="polkit">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:sssd" />
+        <cpe-lang:fact-ref name="cpe:/a:polkit" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="nss-pam-ldapd">
+    <cpe-lang:platform id="chrony">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:nss-pam-ldapd" />
+        <cpe-lang:fact-ref name="cpe:/a:chrony" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="polkit">
+    <cpe-lang:platform id="libuser">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:polkit" />
+        <cpe-lang:fact-ref name="cpe:/a:libuser" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="grub2">
+    <cpe-lang:platform id="login_defs">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:grub2" />
+        <cpe-lang:fact-ref name="cpe:/a:login_defs" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="wifi-iface">
+    <cpe-lang:platform id="sssd">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:wifi-iface" />
+        <cpe-lang:fact-ref name="cpe:/a:sssd" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="sssd-ldap">
+    <cpe-lang:platform id="chrony_or_ntp">
+      <cpe-lang:logical-test operator="OR" negate="false">
+        <cpe-lang:fact-ref name="cpe:/a:chrony" />
+        <cpe-lang:fact-ref name="cpe:/a:ntp" />
+      </cpe-lang:logical-test>
+    </cpe-lang:platform>
+    <cpe-lang:platform id="wifi-iface">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:sssd-ldap" />
+        <cpe-lang:fact-ref name="cpe:/a:wifi-iface" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="aarch64_arch">
+    <cpe-lang:platform id="postfix">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:aarch64_arch" />
+        <cpe-lang:fact-ref name="cpe:/a:postfix" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="no_ovirt">
+    <cpe-lang:platform id="nss-pam-ldapd">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:no_ovirt" />
+        <cpe-lang:fact-ref name="cpe:/a:nss-pam-ldapd" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="non-uefi">
+    <cpe-lang:platform id="ntp">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:non-uefi" />
+        <cpe-lang:fact-ref name="cpe:/a:ntp" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="chrony">
+    <cpe-lang:platform id="sssd-ldap">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:chrony" />
+        <cpe-lang:fact-ref name="cpe:/a:sssd-ldap" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="postfix">
+    <cpe-lang:platform id="pam">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:postfix" />
+        <cpe-lang:fact-ref name="cpe:/a:pam" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="uefi">
+    <cpe-lang:platform id="audit">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:uefi" />
+        <cpe-lang:fact-ref name="cpe:/a:audit" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="machine_and_chrony_or_ntp">
@@ -140,14 +151,14 @@
         <cpe-lang:fact-ref name="cpe:/a:machine" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="libuser">
+    <cpe-lang:platform id="no_ovirt">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:libuser" />
+        <cpe-lang:fact-ref name="cpe:/a:no_ovirt" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="sudo">
+    <cpe-lang:platform id="gdm">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:sudo" />
+        <cpe-lang:fact-ref name="cpe:/a:gdm" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="machine">
@@ -155,25 +166,14 @@
         <cpe-lang:fact-ref name="cpe:/a:machine" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="s390x_arch">
-      <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:s390x_arch" />
-      </cpe-lang:logical-test>
-    </cpe-lang:platform>
-    <cpe-lang:platform id="chrony_or_ntp">
-      <cpe-lang:logical-test operator="OR" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:chrony" />
-        <cpe-lang:fact-ref name="cpe:/a:ntp" />
-      </cpe-lang:logical-test>
-    </cpe-lang:platform>
     <cpe-lang:platform id="usbguard">
       <cpe-lang:logical-test operator="AND" negate="false">
         <cpe-lang:fact-ref name="cpe:/a:usbguard" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="login_defs">
+    <cpe-lang:platform id="sudo">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:login_defs" />
+        <cpe-lang:fact-ref name="cpe:/a:sudo" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="net-snmp">
@@ -181,24 +181,24 @@
         <cpe-lang:fact-ref name="cpe:/a:net-snmp" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="systemd">
+    <cpe-lang:platform id="s390x_arch">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:systemd" />
+        <cpe-lang:fact-ref name="cpe:/a:s390x_arch" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="ntp">
+    <cpe-lang:platform id="not_s390x_arch">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:ntp" />
+        <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="not_s390x_arch">
+    <cpe-lang:platform id="tftp-server">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch" />
+        <cpe-lang:fact-ref name="cpe:/a:tftp-server" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
/usr/share/xml/scap/ssg/content/ssg-cs9-ds-1.2.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-cs9-ds-1.2.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-cs9-ds-1.2.xml	2022-07-15 00:00:00.000000000 +0000
@@ -189,29 +189,29 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.2:rear-matter>
       <cpe-lang:platform-specification>
-        <cpe-lang:platform id="audit">
+        <cpe-lang:platform id="uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:audit"/>
+            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="pam">
+        <cpe-lang:platform id="systemd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:pam"/>
+            <cpe-lang:fact-ref name="cpe:/a:systemd"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="yum">
+        <cpe-lang:platform id="grub2">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:yum"/>
+            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="tftp-server">
+        <cpe-lang:platform id="yum">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:tftp-server"/>
+            <cpe-lang:fact-ref name="cpe:/a:yum"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sssd">
+        <cpe-lang:platform id="aarch64_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="polkit">
@@ -219,34 +219,35 @@
             <cpe-lang:fact-ref name="cpe:/a:polkit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="grub2">
+        <cpe-lang:platform id="chrony">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="wifi-iface">
+        <cpe-lang:platform id="libuser">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
+            <cpe-lang:fact-ref name="cpe:/a:libuser"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="aarch64_arch">
+        <cpe-lang:platform id="login_defs">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="not_aarch64_arch">
+        <cpe-lang:platform id="sssd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:not_aarch64_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="non-uefi">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+        <cpe-lang:platform id="chrony_or_ntp">
+          <cpe-lang:logical-test operator="OR" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="chrony">
+        <cpe-lang:platform id="wifi-iface">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="postfix">
@@ -254,35 +255,29 @@
             <cpe-lang:fact-ref name="cpe:/a:postfix"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="uefi">
+        <cpe-lang:platform id="ntp">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="libuser">
+        <cpe-lang:platform id="pam">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:libuser"/>
+            <cpe-lang:fact-ref name="cpe:/a:pam"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sudo">
+        <cpe-lang:platform id="audit">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+            <cpe-lang:fact-ref name="cpe:/a:audit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="machine">
+        <cpe-lang:platform id="gdm">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:machine"/>
+            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="s390x_arch">
+        <cpe-lang:platform id="machine">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="chrony_or_ntp">
-          <cpe-lang:logical-test operator="OR" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+            <cpe-lang:fact-ref name="cpe:/a:machine"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="usbguard">
@@ -290,9 +285,9 @@
             <cpe-lang:fact-ref name="cpe:/a:usbguard"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="login_defs">
+        <cpe-lang:platform id="sudo">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="net-snmp">
@@ -300,14 +295,14 @@
             <cpe-lang:fact-ref name="cpe:/a:net-snmp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="systemd">
+        <cpe-lang:platform id="not_aarch64_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:systemd"/>
+            <cpe-lang:fact-ref name="cpe:/a:not_aarch64_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="ntp">
+        <cpe-lang:platform id="s390x_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="not_s390x_arch">
@@ -315,9 +310,14 @@
             <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="gdm">
+        <cpe-lang:platform id="tftp-server">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
+            <cpe-lang:fact-ref name="cpe:/a:tftp-server"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="non-uefi">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
       </cpe-lang:platform-specification>
@@ -7824,11 +7824,6 @@
                   <xccdf-1.2:fix system="urn:redhat:anaconda:pre" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
 package --add=aide
 </xccdf-1.2:fix>
-                  <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_aide_installed">
-[[packages]]
-name = "aide"
-version = "*"
-</xccdf-1.2:fix>
                   <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_aide
 
 class install_aide {
@@ -7837,6 +7832,11 @@
   }
 }
/usr/share/xml/scap/ssg/content/ssg-cs9-ds.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-cs9-ds.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-cs9-ds.xml	2022-07-15 00:00:00.000000000 +0000
@@ -191,29 +191,29 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.2:rear-matter>
       <cpe-lang:platform-specification>
-        <cpe-lang:platform id="audit">
+        <cpe-lang:platform id="uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:audit"/>
+            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="pam">
+        <cpe-lang:platform id="systemd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:pam"/>
+            <cpe-lang:fact-ref name="cpe:/a:systemd"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="yum">
+        <cpe-lang:platform id="grub2">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:yum"/>
+            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="tftp-server">
+        <cpe-lang:platform id="yum">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:tftp-server"/>
+            <cpe-lang:fact-ref name="cpe:/a:yum"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sssd">
+        <cpe-lang:platform id="aarch64_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="polkit">
@@ -221,34 +221,35 @@
             <cpe-lang:fact-ref name="cpe:/a:polkit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="grub2">
+        <cpe-lang:platform id="chrony">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="wifi-iface">
+        <cpe-lang:platform id="libuser">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
+            <cpe-lang:fact-ref name="cpe:/a:libuser"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="aarch64_arch">
+        <cpe-lang:platform id="login_defs">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="not_aarch64_arch">
+        <cpe-lang:platform id="sssd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:not_aarch64_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="non-uefi">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+        <cpe-lang:platform id="chrony_or_ntp">
+          <cpe-lang:logical-test operator="OR" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="chrony">
+        <cpe-lang:platform id="wifi-iface">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="postfix">
@@ -256,35 +257,29 @@
             <cpe-lang:fact-ref name="cpe:/a:postfix"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="uefi">
+        <cpe-lang:platform id="ntp">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="libuser">
+        <cpe-lang:platform id="pam">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:libuser"/>
+            <cpe-lang:fact-ref name="cpe:/a:pam"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sudo">
+        <cpe-lang:platform id="audit">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+            <cpe-lang:fact-ref name="cpe:/a:audit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="machine">
+        <cpe-lang:platform id="gdm">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:machine"/>
+            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="s390x_arch">
+        <cpe-lang:platform id="machine">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="chrony_or_ntp">
-          <cpe-lang:logical-test operator="OR" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+            <cpe-lang:fact-ref name="cpe:/a:machine"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="usbguard">
@@ -292,9 +287,9 @@
             <cpe-lang:fact-ref name="cpe:/a:usbguard"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="login_defs">
+        <cpe-lang:platform id="sudo">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="net-snmp">
@@ -302,14 +297,14 @@
             <cpe-lang:fact-ref name="cpe:/a:net-snmp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="systemd">
+        <cpe-lang:platform id="not_aarch64_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:systemd"/>
+            <cpe-lang:fact-ref name="cpe:/a:not_aarch64_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="ntp">
+        <cpe-lang:platform id="s390x_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="not_s390x_arch">
@@ -317,9 +312,14 @@
             <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="gdm">
+        <cpe-lang:platform id="tftp-server">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
+            <cpe-lang:fact-ref name="cpe:/a:tftp-server"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="non-uefi">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
       </cpe-lang:platform-specification>
@@ -7826,11 +7826,6 @@
                   <xccdf-1.2:fix system="urn:redhat:anaconda:pre" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
 package --add=aide
 </xccdf-1.2:fix>
-                  <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_aide_installed">
-[[packages]]
-name = "aide"
-version = "*"
-</xccdf-1.2:fix>
                   <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_aide
 
 class install_aide {
@@ -7839,6 +7834,11 @@
   }
 }
/usr/share/xml/scap/ssg/content/ssg-cs9-xccdf.xml differs (ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-cs9-xccdf.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-cs9-xccdf.xml	2022-07-15 00:00:00.000000000 +0000
@@ -51,29 +51,29 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.1:rear-matter>
   <cpe-lang:platform-specification>
-    <cpe-lang:platform id="audit">
+    <cpe-lang:platform id="uefi">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:audit" />
+        <cpe-lang:fact-ref name="cpe:/a:uefi" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="pam">
+    <cpe-lang:platform id="systemd">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:pam" />
+        <cpe-lang:fact-ref name="cpe:/a:systemd" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="yum">
+    <cpe-lang:platform id="grub2">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:yum" />
+        <cpe-lang:fact-ref name="cpe:/a:grub2" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="tftp-server">
+    <cpe-lang:platform id="yum">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:tftp-server" />
+        <cpe-lang:fact-ref name="cpe:/a:yum" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="sssd">
+    <cpe-lang:platform id="aarch64_arch">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:sssd" />
+        <cpe-lang:fact-ref name="cpe:/a:aarch64_arch" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="polkit">
@@ -81,34 +81,35 @@
         <cpe-lang:fact-ref name="cpe:/a:polkit" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="grub2">
+    <cpe-lang:platform id="chrony">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:grub2" />
+        <cpe-lang:fact-ref name="cpe:/a:chrony" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="wifi-iface">
+    <cpe-lang:platform id="libuser">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:wifi-iface" />
+        <cpe-lang:fact-ref name="cpe:/a:libuser" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="aarch64_arch">
+    <cpe-lang:platform id="login_defs">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:aarch64_arch" />
+        <cpe-lang:fact-ref name="cpe:/a:login_defs" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="not_aarch64_arch">
+    <cpe-lang:platform id="sssd">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:not_aarch64_arch" />
+        <cpe-lang:fact-ref name="cpe:/a:sssd" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="non-uefi">
-      <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:non-uefi" />
+    <cpe-lang:platform id="chrony_or_ntp">
+      <cpe-lang:logical-test operator="OR" negate="false">
+        <cpe-lang:fact-ref name="cpe:/a:chrony" />
+        <cpe-lang:fact-ref name="cpe:/a:ntp" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="chrony">
+    <cpe-lang:platform id="wifi-iface">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:chrony" />
+        <cpe-lang:fact-ref name="cpe:/a:wifi-iface" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="postfix">
@@ -116,35 +117,29 @@
         <cpe-lang:fact-ref name="cpe:/a:postfix" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="uefi">
+    <cpe-lang:platform id="ntp">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:uefi" />
+        <cpe-lang:fact-ref name="cpe:/a:ntp" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="libuser">
+    <cpe-lang:platform id="pam">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:libuser" />
+        <cpe-lang:fact-ref name="cpe:/a:pam" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="sudo">
+    <cpe-lang:platform id="audit">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:sudo" />
+        <cpe-lang:fact-ref name="cpe:/a:audit" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="machine">
+    <cpe-lang:platform id="gdm">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:machine" />
+        <cpe-lang:fact-ref name="cpe:/a:gdm" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="s390x_arch">
+    <cpe-lang:platform id="machine">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:s390x_arch" />
-      </cpe-lang:logical-test>
-    </cpe-lang:platform>
-    <cpe-lang:platform id="chrony_or_ntp">
-      <cpe-lang:logical-test operator="OR" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:chrony" />
-        <cpe-lang:fact-ref name="cpe:/a:ntp" />
+        <cpe-lang:fact-ref name="cpe:/a:machine" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="usbguard">
@@ -152,9 +147,9 @@
         <cpe-lang:fact-ref name="cpe:/a:usbguard" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="login_defs">
+    <cpe-lang:platform id="sudo">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:login_defs" />
+        <cpe-lang:fact-ref name="cpe:/a:sudo" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="net-snmp">
@@ -162,14 +157,14 @@
         <cpe-lang:fact-ref name="cpe:/a:net-snmp" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="systemd">
+    <cpe-lang:platform id="not_aarch64_arch">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:systemd" />
+        <cpe-lang:fact-ref name="cpe:/a:not_aarch64_arch" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="ntp">
+    <cpe-lang:platform id="s390x_arch">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:ntp" />
+        <cpe-lang:fact-ref name="cpe:/a:s390x_arch" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="not_s390x_arch">
@@ -177,9 +172,14 @@
         <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="gdm">
+    <cpe-lang:platform id="tftp-server">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:gdm" />
+        <cpe-lang:fact-ref name="cpe:/a:tftp-server" />
+      </cpe-lang:logical-test>
+    </cpe-lang:platform>
+    <cpe-lang:platform id="non-uefi">
+      <cpe-lang:logical-test operator="AND" negate="false">
+        <cpe-lang:fact-ref name="cpe:/a:non-uefi" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
   </cpe-lang:platform-specification>
@@ -7686,11 +7686,6 @@
               <xccdf-1.1:fix system="urn:redhat:anaconda:pre" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
 package --add=aide
 </xccdf-1.1:fix>
-              <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_aide_installed">
-[[packages]]
-name = "aide"
-version = "*"
-</xccdf-1.1:fix>
               <xccdf-1.1:fix system="urn:xccdf:fix:script:puppet" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_aide
 
 class install_aide {
@@ -7699,6 +7694,11 @@
   }
 }
/usr/share/xml/scap/ssg/content/ssg-fedora-ds-1.2.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-fedora-ds-1.2.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-fedora-ds-1.2.xml	2022-07-15 00:00:00.000000000 +0000
@@ -175,14 +175,14 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.2:rear-matter>
       <cpe-lang:platform-specification>
-        <cpe-lang:platform id="audit">
+        <cpe-lang:platform id="uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:audit"/>
+            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="pam">
+        <cpe-lang:platform id="grub2">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:pam"/>
+            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="yum">
@@ -190,9 +190,9 @@
             <cpe-lang:fact-ref name="cpe:/a:yum"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sssd">
+        <cpe-lang:platform id="aarch64_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="polkit">
@@ -200,29 +200,35 @@
             <cpe-lang:fact-ref name="cpe:/a:polkit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="grub2">
+        <cpe-lang:platform id="chrony">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="wifi-iface">
+        <cpe-lang:platform id="libuser">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
+            <cpe-lang:fact-ref name="cpe:/a:libuser"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="aarch64_arch">
+        <cpe-lang:platform id="login_defs">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="non-uefi">
+        <cpe-lang:platform id="sssd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="chrony">
-          <cpe-lang:logical-test operator="AND" negate="false">
+        <cpe-lang:platform id="chrony_or_ntp">
+          <cpe-lang:logical-test operator="OR" negate="false">
             <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="wifi-iface">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="postfix">
@@ -230,9 +236,19 @@
             <cpe-lang:fact-ref name="cpe:/a:postfix"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="uefi">
+        <cpe-lang:platform id="ntp">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="pam">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:pam"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="audit">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:audit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="machine_and_chrony_or_ntp">
@@ -244,14 +260,9 @@
             <cpe-lang:fact-ref name="cpe:/a:machine"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="libuser">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:libuser"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="sudo">
+        <cpe-lang:platform id="gdm">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="machine">
@@ -259,25 +270,14 @@
             <cpe-lang:fact-ref name="cpe:/a:machine"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="s390x_arch">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="chrony_or_ntp">
-          <cpe-lang:logical-test operator="OR" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
         <cpe-lang:platform id="usbguard">
           <cpe-lang:logical-test operator="AND" negate="false">
             <cpe-lang:fact-ref name="cpe:/a:usbguard"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="login_defs">
+        <cpe-lang:platform id="sudo">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="net-snmp">
@@ -285,9 +285,9 @@
             <cpe-lang:fact-ref name="cpe:/a:net-snmp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="ntp">
+        <cpe-lang:platform id="s390x_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="not_s390x_arch">
@@ -295,9 +295,9 @@
             <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="gdm">
+        <cpe-lang:platform id="non-uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
+            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
       </cpe-lang:platform-specification>
@@ -2240,11 +2240,6 @@
                   <xccdf-1.2:fix system="urn:redhat:anaconda:pre" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
 package --add=aide
 </xccdf-1.2:fix>
-                  <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_aide_installed">
-[[packages]]
-name = "aide"
-version = "*"
-</xccdf-1.2:fix>
                   <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_aide
 
 class install_aide {
@@ -2253,6 +2248,11 @@
   }
 }
 </xccdf-1.2:fix>
+                  <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_aide_installed">
+[[packages]]
+name = "aide"
+version = "*"
+</xccdf-1.2:fix>
                   <xccdf-1.2:fix system="urn:xccdf:fix:script:ansible" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure aide is installed
   package:
     name: aide
@@ -10137,11 +10137,6 @@
               <xccdf-1.2:fix system="urn:redhat:anaconda:pre" id="package_sudo_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
 package --add=sudo
 </xccdf-1.2:fix>
-              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_sudo_installed">
-[[packages]]
/usr/share/xml/scap/ssg/content/ssg-fedora-ds.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-fedora-ds.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-fedora-ds.xml	2022-07-15 00:00:00.000000000 +0000
@@ -175,14 +175,14 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.2:rear-matter>
       <cpe-lang:platform-specification>
-        <cpe-lang:platform id="audit">
+        <cpe-lang:platform id="uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:audit"/>
+            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="pam">
+        <cpe-lang:platform id="grub2">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:pam"/>
+            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="yum">
@@ -190,9 +190,9 @@
             <cpe-lang:fact-ref name="cpe:/a:yum"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sssd">
+        <cpe-lang:platform id="aarch64_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="polkit">
@@ -200,29 +200,35 @@
             <cpe-lang:fact-ref name="cpe:/a:polkit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="grub2">
+        <cpe-lang:platform id="chrony">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="wifi-iface">
+        <cpe-lang:platform id="libuser">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
+            <cpe-lang:fact-ref name="cpe:/a:libuser"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="aarch64_arch">
+        <cpe-lang:platform id="login_defs">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="non-uefi">
+        <cpe-lang:platform id="sssd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="chrony">
-          <cpe-lang:logical-test operator="AND" negate="false">
+        <cpe-lang:platform id="chrony_or_ntp">
+          <cpe-lang:logical-test operator="OR" negate="false">
             <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="wifi-iface">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="postfix">
@@ -230,9 +236,19 @@
             <cpe-lang:fact-ref name="cpe:/a:postfix"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="uefi">
+        <cpe-lang:platform id="ntp">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="pam">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:pam"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="audit">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:audit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="machine_and_chrony_or_ntp">
@@ -244,14 +260,9 @@
             <cpe-lang:fact-ref name="cpe:/a:machine"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="libuser">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:libuser"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="sudo">
+        <cpe-lang:platform id="gdm">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="machine">
@@ -259,25 +270,14 @@
             <cpe-lang:fact-ref name="cpe:/a:machine"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="s390x_arch">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="chrony_or_ntp">
-          <cpe-lang:logical-test operator="OR" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
         <cpe-lang:platform id="usbguard">
           <cpe-lang:logical-test operator="AND" negate="false">
             <cpe-lang:fact-ref name="cpe:/a:usbguard"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="login_defs">
+        <cpe-lang:platform id="sudo">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="net-snmp">
@@ -285,9 +285,9 @@
             <cpe-lang:fact-ref name="cpe:/a:net-snmp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="ntp">
+        <cpe-lang:platform id="s390x_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="not_s390x_arch">
@@ -295,9 +295,9 @@
             <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="gdm">
+        <cpe-lang:platform id="non-uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
+            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
       </cpe-lang:platform-specification>
@@ -2240,11 +2240,6 @@
                   <xccdf-1.2:fix system="urn:redhat:anaconda:pre" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
 package --add=aide
 </xccdf-1.2:fix>
-                  <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_aide_installed">
-[[packages]]
-name = "aide"
-version = "*"
-</xccdf-1.2:fix>
                   <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_aide
 
 class install_aide {
@@ -2253,6 +2248,11 @@
   }
 }
 </xccdf-1.2:fix>
+                  <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_aide_installed">
+[[packages]]
+name = "aide"
+version = "*"
+</xccdf-1.2:fix>
                   <xccdf-1.2:fix system="urn:xccdf:fix:script:ansible" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure aide is installed
   package:
     name: aide
@@ -10137,11 +10137,6 @@
               <xccdf-1.2:fix system="urn:redhat:anaconda:pre" id="package_sudo_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
 package --add=sudo
 </xccdf-1.2:fix>
-              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_sudo_installed">
-[[packages]]
/usr/share/xml/scap/ssg/content/ssg-fedora-ocil.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-fedora-ocil.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-fedora-ocil.xml	2022-07-15 00:00:00.000000000 +0000
@@ -7,670 +7,676 @@
     <ocil:timestamp>2022-07-15T00:00:00</ocil:timestamp>
   </ocil:generator>
   <ocil:questionnaires>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_file_deletion_events_rename_ocil:questionnaire:1">
-      <ocil:title>Ensure auditd Collects File Deletion Events by User - rename</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-dconf_gnome_screensaver_idle_activation_locked_ocil:questionnaire:1">
+      <ocil:title>Ensure Users Cannot Change GNOME3 Screensaver Idle Activation</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-audit_rules_file_deletion_events_rename_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-dconf_gnome_screensaver_idle_activation_locked_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sysctl_net_ipv4_conf_all_accept_local_ocil:questionnaire:1">
-      <ocil:title>Disable Accepting Packets Routed Between Local Interfaces</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sudo_remove_nopasswd_ocil:questionnaire:1">
+      <ocil:title>Ensure Users Re-Authenticate for Privilege Escalation - sudo NOPASSWD</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_accept_local_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sudo_remove_nopasswd_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-auditd_data_disk_error_action_ocil:questionnaire:1">
-      <ocil:title>Configure auditd Disk Error Action on Disk Error</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sshd_disable_pubkey_auth_ocil:questionnaire:1">
+      <ocil:title>Disable PubkeyAuthentication Authentication</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-auditd_data_disk_error_action_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sshd_disable_pubkey_auth_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-require_emergency_target_auth_ocil:questionnaire:1">
-      <ocil:title>Require Authentication for Emergency Systemd Target</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-package_sudo_installed_ocil:questionnaire:1">
+      <ocil:title>Install sudo Package</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-require_emergency_target_auth_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-package_sudo_installed_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-package_pcsc-lite_installed_ocil:questionnaire:1">
-      <ocil:title>Install the pcsc-lite package</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-accounts_password_all_shadowed_ocil:questionnaire:1">
+      <ocil:title>Verify All Account Password Hashes are Shadowed</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-package_pcsc-lite_installed_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-accounts_password_all_shadowed_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sshd_x11_use_localhost_ocil:questionnaire:1">
-      <ocil:title>Prevent remote hosts from connecting to the proxy display</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-kernel_config_unmap_kernel_at_el0_ocil:questionnaire:1">
+      <ocil:title>Unmap kernel when running in userspace (aka KAISER)</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sshd_x11_use_localhost_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-kernel_config_unmap_kernel_at_el0_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-accounts_password_pam_pwhistory_remember_system_auth_ocil:questionnaire:1">
-      <ocil:title>Limit Password Reuse: system-auth</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-kernel_config_module_sig_force_ocil:questionnaire:1">
+      <ocil:title>Require modules to be validly signed</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-accounts_password_pam_pwhistory_remember_system_auth_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-kernel_config_module_sig_force_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-libreswan_approved_tunnels_ocil:questionnaire:1">
-      <ocil:title>Verify Any Configured IPSec Tunnel Connections</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-require_singleuser_auth_ocil:questionnaire:1">
+      <ocil:title>Require Authentication for Single User Mode</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-libreswan_approved_tunnels_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-require_singleuser_auth_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sysctl_net_ipv4_conf_all_accept_source_route_ocil:questionnaire:1">
-      <ocil:title>Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-audit_rules_etc_gshadow_open_ocil:questionnaire:1">
+      <ocil:title>Record Events that Modify User/Group Information via open syscall - /etc/gshadow</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_accept_source_route_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-audit_rules_etc_gshadow_open_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-directory_access_var_log_audit_ocil:questionnaire:1">
-      <ocil:title>Record Access Events to Audit Log Directory</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-file_permissions_sshd_private_key_ocil:questionnaire:1">
+      <ocil:title>Verify Permissions on SSH Server Private *_key Key Files</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-directory_access_var_log_audit_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-file_permissions_sshd_private_key_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-auditd_data_retention_action_mail_acct_ocil:questionnaire:1">
-      <ocil:title>Configure auditd mail_acct Action on Low Disk Space</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-harden_ssh_client_crypto_policy_ocil:questionnaire:1">
+      <ocil:title>Harden SSH client Crypto Policy</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-auditd_data_retention_action_mail_acct_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-harden_ssh_client_crypto_policy_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-rsyslog_encrypt_offload_actionsendstreamdriverauthmode_ocil:questionnaire:1">
-      <ocil:title>Ensure Rsyslog Authenticates Off-Loaded Audit Records</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-accounts_no_uid_except_zero_ocil:questionnaire:1">
+      <ocil:title>Verify Only Root Has UID 0</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-rsyslog_encrypt_offload_actionsendstreamdriverauthmode_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-accounts_no_uid_except_zero_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-file_owner_etc_group_ocil:questionnaire:1">
-      <ocil:title>Verify User Who Owns group File</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-coreos_enable_selinux_kernel_argument_ocil:questionnaire:1">
+      <ocil:title>Ensure SELinux Not Disabled in the kernel arguments</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-file_owner_etc_group_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-coreos_enable_selinux_kernel_argument_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-kernel_config_refcount_full_ocil:questionnaire:1">
-      <ocil:title>Perform full reference count validation</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-auditd_audispd_encrypt_sent_records_ocil:questionnaire:1">
+      <ocil:title>Encrypt Audit Records Sent With audispd Plugin</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-kernel_config_refcount_full_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-auditd_audispd_encrypt_sent_records_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-no_password_auth_for_systemaccounts_ocil:questionnaire:1">
-      <ocil:title>Ensure that System Accounts Are Locked</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-mount_option_var_log_nosuid_ocil:questionnaire:1">
+      <ocil:title>Add nosuid Option to /var/log</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-no_password_auth_for_systemaccounts_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-mount_option_var_log_nosuid_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_privileged_commands_unix_chkpwd_ocil:questionnaire:1">
-      <ocil:title>Ensure auditd Collects Information on the Use of Privileged Commands - unix_chkpwd</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-dconf_db_up_to_date_ocil:questionnaire:1">
+      <ocil:title>Make sure that the dconf databases are up-to-date with regards to respective keyfiles</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-audit_rules_privileged_commands_unix_chkpwd_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-dconf_db_up_to_date_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-file_permissions_backup_etc_passwd_ocil:questionnaire:1">
-      <ocil:title>Verify Permissions on Backup passwd File</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-audit_rules_kernel_module_loading_delete_ocil:questionnaire:1">
+      <ocil:title>Ensure auditd Collects Information on Kernel Module Unloading - delete_module</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-file_permissions_backup_etc_passwd_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-audit_rules_kernel_module_loading_delete_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_mac_modification_ocil:questionnaire:1">
-      <ocil:title>Record Events that Modify the System's Mandatory Access Controls</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-gnome_gdm_disable_guest_login_ocil:questionnaire:1">
+      <ocil:title>Disable GDM Guest Login</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-audit_rules_mac_modification_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-gnome_gdm_disable_guest_login_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-set_password_hashing_algorithm_logindefs_ocil:questionnaire:1">
-      <ocil:title>Set Password Hashing Algorithm in /etc/login.defs</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-audit_rules_dac_modification_fchownat_ocil:questionnaire:1">
+      <ocil:title>Record Events that Modify the System's Discretionary Access Controls - fchownat</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-set_password_hashing_algorithm_logindefs_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_fchownat_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sshd_disable_compression_ocil:questionnaire:1">
-      <ocil:title>Disable Compression Or Set Compression to delayed</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-audit_rules_successful_file_modification_removexattr_ocil:questionnaire:1">
+      <ocil:title>Record Successful Permission Changes to Files - removexattr</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sshd_disable_compression_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-audit_rules_successful_file_modification_removexattr_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-file_owner_var_log_ocil:questionnaire:1">
-      <ocil:title>Verify User Who Owns /var/log Directory</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-directory_access_var_log_audit_ocil:questionnaire:1">
+      <ocil:title>Record Access Events to Audit Log Directory</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-file_owner_var_log_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-directory_access_var_log_audit_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-kernel_config_module_sig_sha512_ocil:questionnaire:1">
-      <ocil:title>Sign kernel modules with SHA-512</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sshd_enable_strictmodes_ocil:questionnaire:1">
+      <ocil:title>Enable Use of Strict Mode Checking</ocil:title>
       <ocil:actions>
/usr/share/xml/scap/ssg/content/ssg-fedora-xccdf.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-fedora-xccdf.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-fedora-xccdf.xml	2022-07-15 00:00:00.000000000 +0000
@@ -43,14 +43,14 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.1:rear-matter>
   <cpe-lang:platform-specification>
-    <cpe-lang:platform id="audit">
+    <cpe-lang:platform id="uefi">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:audit"/>
+        <cpe-lang:fact-ref name="cpe:/a:uefi"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="pam">
+    <cpe-lang:platform id="grub2">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:pam"/>
+        <cpe-lang:fact-ref name="cpe:/a:grub2"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="yum">
@@ -58,9 +58,9 @@
         <cpe-lang:fact-ref name="cpe:/a:yum"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="sssd">
+    <cpe-lang:platform id="aarch64_arch">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+        <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="polkit">
@@ -68,29 +68,35 @@
         <cpe-lang:fact-ref name="cpe:/a:polkit"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="grub2">
+    <cpe-lang:platform id="chrony">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:grub2"/>
+        <cpe-lang:fact-ref name="cpe:/a:chrony"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="wifi-iface">
+    <cpe-lang:platform id="libuser">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
+        <cpe-lang:fact-ref name="cpe:/a:libuser"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="aarch64_arch">
+    <cpe-lang:platform id="login_defs">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
+        <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="non-uefi">
+    <cpe-lang:platform id="sssd">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+        <cpe-lang:fact-ref name="cpe:/a:sssd"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="chrony">
-      <cpe-lang:logical-test operator="AND" negate="false">
+    <cpe-lang:platform id="chrony_or_ntp">
+      <cpe-lang:logical-test operator="OR" negate="false">
         <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+        <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+      </cpe-lang:logical-test>
+    </cpe-lang:platform>
+    <cpe-lang:platform id="wifi-iface">
+      <cpe-lang:logical-test operator="AND" negate="false">
+        <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="postfix">
@@ -98,9 +104,19 @@
         <cpe-lang:fact-ref name="cpe:/a:postfix"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="uefi">
+    <cpe-lang:platform id="ntp">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+        <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+      </cpe-lang:logical-test>
+    </cpe-lang:platform>
+    <cpe-lang:platform id="pam">
+      <cpe-lang:logical-test operator="AND" negate="false">
+        <cpe-lang:fact-ref name="cpe:/a:pam"/>
+      </cpe-lang:logical-test>
+    </cpe-lang:platform>
+    <cpe-lang:platform id="audit">
+      <cpe-lang:logical-test operator="AND" negate="false">
+        <cpe-lang:fact-ref name="cpe:/a:audit"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="machine_and_chrony_or_ntp">
@@ -112,14 +128,9 @@
         <cpe-lang:fact-ref name="cpe:/a:machine"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="libuser">
-      <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:libuser"/>
-      </cpe-lang:logical-test>
-    </cpe-lang:platform>
-    <cpe-lang:platform id="sudo">
+    <cpe-lang:platform id="gdm">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+        <cpe-lang:fact-ref name="cpe:/a:gdm"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="machine">
@@ -127,25 +138,14 @@
         <cpe-lang:fact-ref name="cpe:/a:machine"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="s390x_arch">
-      <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
-      </cpe-lang:logical-test>
-    </cpe-lang:platform>
-    <cpe-lang:platform id="chrony_or_ntp">
-      <cpe-lang:logical-test operator="OR" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:chrony"/>
-        <cpe-lang:fact-ref name="cpe:/a:ntp"/>
-      </cpe-lang:logical-test>
-    </cpe-lang:platform>
     <cpe-lang:platform id="usbguard">
       <cpe-lang:logical-test operator="AND" negate="false">
         <cpe-lang:fact-ref name="cpe:/a:usbguard"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="login_defs">
+    <cpe-lang:platform id="sudo">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+        <cpe-lang:fact-ref name="cpe:/a:sudo"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="net-snmp">
@@ -153,9 +153,9 @@
         <cpe-lang:fact-ref name="cpe:/a:net-snmp"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="ntp">
+    <cpe-lang:platform id="s390x_arch">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+        <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="not_s390x_arch">
@@ -163,9 +163,9 @@
         <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="gdm">
+    <cpe-lang:platform id="non-uefi">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:gdm"/>
+        <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
   </cpe-lang:platform-specification>
@@ -2108,11 +2108,6 @@
               <xccdf-1.1:fix system="urn:redhat:anaconda:pre" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
 package --add=aide
 </xccdf-1.1:fix>
-              <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_aide_installed">
-[[packages]]
-name = "aide"
-version = "*"
-</xccdf-1.1:fix>
               <xccdf-1.1:fix system="urn:xccdf:fix:script:puppet" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_aide
 
 class install_aide {
@@ -2121,6 +2116,11 @@
   }
 }
 </xccdf-1.1:fix>
+              <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_aide_installed">
+[[packages]]
+name = "aide"
+version = "*"
+</xccdf-1.1:fix>
               <xccdf-1.1:fix system="urn:xccdf:fix:script:ansible" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure aide is installed
   package:
     name: aide
@@ -10005,11 +10005,6 @@
           <xccdf-1.1:fix system="urn:redhat:anaconda:pre" id="package_sudo_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
 package --add=sudo
 </xccdf-1.1:fix>
-          <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_sudo_installed">
-[[packages]]
/usr/share/xml/scap/ssg/content/ssg-ol7-ds-1.2.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-ol7-ds-1.2.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-ol7-ds-1.2.xml	2022-07-15 00:00:00.000000000 +0000
@@ -167,59 +167,60 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.2:rear-matter>
       <cpe-lang:platform-specification>
-        <cpe-lang:platform id="audit">
+        <cpe-lang:platform id="uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:audit"/>
+            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="pam">
+        <cpe-lang:platform id="systemd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:pam"/>
+            <cpe-lang:fact-ref name="cpe:/a:systemd"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="yum">
+        <cpe-lang:platform id="grub2">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:yum"/>
+            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="tftp-server">
+        <cpe-lang:platform id="yum">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:tftp-server"/>
+            <cpe-lang:fact-ref name="cpe:/a:yum"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sssd">
+        <cpe-lang:platform id="aarch64_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="grub2">
+        <cpe-lang:platform id="chrony">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="wifi-iface">
+        <cpe-lang:platform id="libuser">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
+            <cpe-lang:fact-ref name="cpe:/a:libuser"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sssd-ldap">
+        <cpe-lang:platform id="login_defs">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sssd-ldap"/>
+            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="aarch64_arch">
+        <cpe-lang:platform id="sssd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="non-uefi">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+        <cpe-lang:platform id="chrony_or_ntp">
+          <cpe-lang:logical-test operator="OR" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="chrony">
+        <cpe-lang:platform id="wifi-iface">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="postfix">
@@ -227,49 +228,48 @@
             <cpe-lang:fact-ref name="cpe:/a:postfix"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="uefi">
+        <cpe-lang:platform id="ntp">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="machine_and_chrony_or_ntp">
+        <cpe-lang:platform id="sssd-ldap">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:logical-test operator="OR" negate="false">
-              <cpe-lang:fact-ref name="cpe:/a:chrony"/>
-              <cpe-lang:fact-ref name="cpe:/a:ntp"/>
-            </cpe-lang:logical-test>
-            <cpe-lang:fact-ref name="cpe:/a:machine"/>
+            <cpe-lang:fact-ref name="cpe:/a:sssd-ldap"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="libuser">
+        <cpe-lang:platform id="pam">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:libuser"/>
+            <cpe-lang:fact-ref name="cpe:/a:pam"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sudo">
+        <cpe-lang:platform id="audit">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+            <cpe-lang:fact-ref name="cpe:/a:audit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="machine">
+        <cpe-lang:platform id="machine_and_chrony_or_ntp">
           <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:logical-test operator="OR" negate="false">
+              <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+              <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+            </cpe-lang:logical-test>
             <cpe-lang:fact-ref name="cpe:/a:machine"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="s390x_arch">
+        <cpe-lang:platform id="gdm">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="chrony_or_ntp">
-          <cpe-lang:logical-test operator="OR" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+        <cpe-lang:platform id="machine">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:machine"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="login_defs">
+        <cpe-lang:platform id="sudo">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="net-snmp">
@@ -277,24 +277,24 @@
             <cpe-lang:fact-ref name="cpe:/a:net-snmp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="systemd">
+        <cpe-lang:platform id="s390x_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:systemd"/>
+            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="ntp">
+        <cpe-lang:platform id="not_s390x_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+            <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="not_s390x_arch">
+        <cpe-lang:platform id="tftp-server">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:tftp-server"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="gdm">
+        <cpe-lang:platform id="non-uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
+            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
       </cpe-lang:platform-specification>
@@ -6451,11 +6451,6 @@
                   <xccdf-1.2:fix system="urn:redhat:anaconda:pre" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
 package --add=aide
 </xccdf-1.2:fix>
-                  <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_aide_installed">
-[[packages]]
-name = "aide"
-version = "*"
-</xccdf-1.2:fix>
                   <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_aide
 
/usr/share/xml/scap/ssg/content/ssg-ol7-ds.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-ol7-ds.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-ol7-ds.xml	2022-07-15 00:00:00.000000000 +0000
@@ -169,59 +169,60 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.2:rear-matter>
       <cpe-lang:platform-specification>
-        <cpe-lang:platform id="audit">
+        <cpe-lang:platform id="uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:audit"/>
+            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="pam">
+        <cpe-lang:platform id="systemd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:pam"/>
+            <cpe-lang:fact-ref name="cpe:/a:systemd"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="yum">
+        <cpe-lang:platform id="grub2">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:yum"/>
+            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="tftp-server">
+        <cpe-lang:platform id="yum">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:tftp-server"/>
+            <cpe-lang:fact-ref name="cpe:/a:yum"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sssd">
+        <cpe-lang:platform id="aarch64_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="grub2">
+        <cpe-lang:platform id="chrony">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="wifi-iface">
+        <cpe-lang:platform id="libuser">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
+            <cpe-lang:fact-ref name="cpe:/a:libuser"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sssd-ldap">
+        <cpe-lang:platform id="login_defs">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sssd-ldap"/>
+            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="aarch64_arch">
+        <cpe-lang:platform id="sssd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="non-uefi">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+        <cpe-lang:platform id="chrony_or_ntp">
+          <cpe-lang:logical-test operator="OR" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="chrony">
+        <cpe-lang:platform id="wifi-iface">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="postfix">
@@ -229,49 +230,48 @@
             <cpe-lang:fact-ref name="cpe:/a:postfix"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="uefi">
+        <cpe-lang:platform id="ntp">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="machine_and_chrony_or_ntp">
+        <cpe-lang:platform id="sssd-ldap">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:logical-test operator="OR" negate="false">
-              <cpe-lang:fact-ref name="cpe:/a:chrony"/>
-              <cpe-lang:fact-ref name="cpe:/a:ntp"/>
-            </cpe-lang:logical-test>
-            <cpe-lang:fact-ref name="cpe:/a:machine"/>
+            <cpe-lang:fact-ref name="cpe:/a:sssd-ldap"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="libuser">
+        <cpe-lang:platform id="pam">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:libuser"/>
+            <cpe-lang:fact-ref name="cpe:/a:pam"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sudo">
+        <cpe-lang:platform id="audit">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+            <cpe-lang:fact-ref name="cpe:/a:audit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="machine">
+        <cpe-lang:platform id="machine_and_chrony_or_ntp">
           <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:logical-test operator="OR" negate="false">
+              <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+              <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+            </cpe-lang:logical-test>
             <cpe-lang:fact-ref name="cpe:/a:machine"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="s390x_arch">
+        <cpe-lang:platform id="gdm">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="chrony_or_ntp">
-          <cpe-lang:logical-test operator="OR" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+        <cpe-lang:platform id="machine">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:machine"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="login_defs">
+        <cpe-lang:platform id="sudo">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="net-snmp">
@@ -279,24 +279,24 @@
             <cpe-lang:fact-ref name="cpe:/a:net-snmp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="systemd">
+        <cpe-lang:platform id="s390x_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:systemd"/>
+            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="ntp">
+        <cpe-lang:platform id="not_s390x_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+            <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="not_s390x_arch">
+        <cpe-lang:platform id="tftp-server">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:tftp-server"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="gdm">
+        <cpe-lang:platform id="non-uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
+            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
       </cpe-lang:platform-specification>
@@ -6453,11 +6453,6 @@
                   <xccdf-1.2:fix system="urn:redhat:anaconda:pre" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
 package --add=aide
 </xccdf-1.2:fix>
-                  <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_aide_installed">
-[[packages]]
-name = "aide"
-version = "*"
-</xccdf-1.2:fix>
                   <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_aide
 
/usr/share/xml/scap/ssg/content/ssg-ol7-ocil.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-ol7-ocil.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-ol7-ocil.xml	2022-07-15 00:00:00.000000000 +0000
@@ -7,766 +7,760 @@
     <ocil:timestamp>2022-07-15T00:00:00</ocil:timestamp>
   </ocil:generator>
   <ocil:questionnaires>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_file_deletion_events_rename_ocil:questionnaire:1">
-      <ocil:title>Ensure auditd Collects File Deletion Events by User - rename</ocil:title>
-      <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-audit_rules_file_deletion_events_rename_action:testaction:1</ocil:test_action_ref>
-      </ocil:actions>
-    </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sysctl_net_ipv4_conf_all_accept_local_ocil:questionnaire:1">
-      <ocil:title>Disable Accepting Packets Routed Between Local Interfaces</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-dconf_gnome_screensaver_idle_activation_locked_ocil:questionnaire:1">
+      <ocil:title>Ensure Users Cannot Change GNOME3 Screensaver Idle Activation</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_accept_local_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-dconf_gnome_screensaver_idle_activation_locked_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-auditd_data_disk_error_action_ocil:questionnaire:1">
-      <ocil:title>Configure auditd Disk Error Action on Disk Error</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sudo_remove_nopasswd_ocil:questionnaire:1">
+      <ocil:title>Ensure Users Re-Authenticate for Privilege Escalation - sudo NOPASSWD</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-auditd_data_disk_error_action_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sudo_remove_nopasswd_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-configure_firewalld_rate_limiting_ocil:questionnaire:1">
-      <ocil:title>Configure firewalld To Rate Limit Connections</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sshd_disable_pubkey_auth_ocil:questionnaire:1">
+      <ocil:title>Disable PubkeyAuthentication Authentication</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-configure_firewalld_rate_limiting_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sshd_disable_pubkey_auth_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-require_emergency_target_auth_ocil:questionnaire:1">
-      <ocil:title>Require Authentication for Emergency Systemd Target</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-mount_option_var_tmp_noexec_ocil:questionnaire:1">
+      <ocil:title>Add noexec Option to /var/tmp</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-require_emergency_target_auth_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-mount_option_var_tmp_noexec_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-package_pcsc-lite_installed_ocil:questionnaire:1">
-      <ocil:title>Install the pcsc-lite package</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-package_sudo_installed_ocil:questionnaire:1">
+      <ocil:title>Install sudo Package</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-package_pcsc-lite_installed_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-package_sudo_installed_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-mount_option_var_tmp_noexec_ocil:questionnaire:1">
-      <ocil:title>Add noexec Option to /var/tmp</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-accounts_password_all_shadowed_ocil:questionnaire:1">
+      <ocil:title>Verify All Account Password Hashes are Shadowed</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-mount_option_var_tmp_noexec_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-accounts_password_all_shadowed_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sshd_x11_use_localhost_ocil:questionnaire:1">
-      <ocil:title>Prevent remote hosts from connecting to the proxy display</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-kernel_config_unmap_kernel_at_el0_ocil:questionnaire:1">
+      <ocil:title>Unmap kernel when running in userspace (aka KAISER)</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sshd_x11_use_localhost_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-kernel_config_unmap_kernel_at_el0_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-accounts_password_pam_pwhistory_remember_system_auth_ocil:questionnaire:1">
-      <ocil:title>Limit Password Reuse: system-auth</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-install_mcafee_hbss_accm_ocil:questionnaire:1">
+      <ocil:title>Install the Asset Configuration Compliance Module (ACCM)</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-accounts_password_pam_pwhistory_remember_system_auth_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-install_mcafee_hbss_accm_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-libreswan_approved_tunnels_ocil:questionnaire:1">
-      <ocil:title>Verify Any Configured IPSec Tunnel Connections</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-kernel_config_module_sig_force_ocil:questionnaire:1">
+      <ocil:title>Require modules to be validly signed</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-libreswan_approved_tunnels_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-kernel_config_module_sig_force_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sysctl_net_ipv4_conf_all_accept_source_route_ocil:questionnaire:1">
-      <ocil:title>Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-require_singleuser_auth_ocil:questionnaire:1">
+      <ocil:title>Require Authentication for Single User Mode</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_accept_source_route_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-require_singleuser_auth_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-directory_access_var_log_audit_ocil:questionnaire:1">
-      <ocil:title>Record Access Events to Audit Log Directory</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-audit_rules_etc_gshadow_open_ocil:questionnaire:1">
+      <ocil:title>Record Events that Modify User/Group Information via open syscall - /etc/gshadow</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-directory_access_var_log_audit_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-audit_rules_etc_gshadow_open_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-auditd_data_retention_action_mail_acct_ocil:questionnaire:1">
-      <ocil:title>Configure auditd mail_acct Action on Low Disk Space</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sudo_restrict_privilege_elevation_to_authorized_ocil:questionnaire:1">
+      <ocil:title>The operating system must restrict privilege elevation to authorized personnel</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-auditd_data_retention_action_mail_acct_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sudo_restrict_privilege_elevation_to_authorized_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-auditd_data_retention_space_left_ocil:questionnaire:1">
-      <ocil:title>Configure auditd space_left on Low Disk Space</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-file_permissions_sshd_private_key_ocil:questionnaire:1">
+      <ocil:title>Verify Permissions on SSH Server Private *_key Key Files</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-auditd_data_retention_space_left_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-file_permissions_sshd_private_key_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-rsyslog_encrypt_offload_actionsendstreamdriverauthmode_ocil:questionnaire:1">
-      <ocil:title>Ensure Rsyslog Authenticates Off-Loaded Audit Records</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-harden_ssh_client_crypto_policy_ocil:questionnaire:1">
+      <ocil:title>Harden SSH client Crypto Policy</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-rsyslog_encrypt_offload_actionsendstreamdriverauthmode_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-harden_ssh_client_crypto_policy_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-file_owner_etc_group_ocil:questionnaire:1">
-      <ocil:title>Verify User Who Owns group File</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-package_squid_removed_ocil:questionnaire:1">
+      <ocil:title>Uninstall squid Package</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-file_owner_etc_group_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-package_squid_removed_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-no_password_auth_for_systemaccounts_ocil:questionnaire:1">
-      <ocil:title>Ensure that System Accounts Are Locked</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-accounts_no_uid_except_zero_ocil:questionnaire:1">
+      <ocil:title>Verify Only Root Has UID 0</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-no_password_auth_for_systemaccounts_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-accounts_no_uid_except_zero_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_privileged_commands_unix_chkpwd_ocil:questionnaire:1">
-      <ocil:title>Ensure auditd Collects Information on the Use of Privileged Commands - unix_chkpwd</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-coreos_enable_selinux_kernel_argument_ocil:questionnaire:1">
+      <ocil:title>Ensure SELinux Not Disabled in the kernel arguments</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-audit_rules_privileged_commands_unix_chkpwd_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-coreos_enable_selinux_kernel_argument_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sudo_add_ignore_dot_ocil:questionnaire:1">
-      <ocil:title>Ensure sudo Ignores Commands In Current Dir - sudo ignore_dot</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-auditd_audispd_encrypt_sent_records_ocil:questionnaire:1">
+      <ocil:title>Encrypt Audit Records Sent With audispd Plugin</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sudo_add_ignore_dot_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-auditd_audispd_encrypt_sent_records_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-file_permissions_backup_etc_passwd_ocil:questionnaire:1">
-      <ocil:title>Verify Permissions on Backup passwd File</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sshd_use_approved_ciphers_ordered_stig_ocil:questionnaire:1">
+      <ocil:title>Use Only FIPS 140-2 Validated Ciphers</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-file_permissions_backup_etc_passwd_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sshd_use_approved_ciphers_ordered_stig_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_mac_modification_ocil:questionnaire:1">
-      <ocil:title>Record Events that Modify the System's Mandatory Access Controls</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-mount_option_var_log_nosuid_ocil:questionnaire:1">
+      <ocil:title>Add nosuid Option to /var/log</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-audit_rules_mac_modification_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-mount_option_var_log_nosuid_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-set_password_hashing_algorithm_logindefs_ocil:questionnaire:1">
-      <ocil:title>Set Password Hashing Algorithm in /etc/login.defs</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-dconf_db_up_to_date_ocil:questionnaire:1">
+      <ocil:title>Make sure that the dconf databases are up-to-date with regards to respective keyfiles</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-set_password_hashing_algorithm_logindefs_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-dconf_db_up_to_date_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
/usr/share/xml/scap/ssg/content/ssg-ol7-xccdf.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-ol7-xccdf.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-ol7-xccdf.xml	2022-07-15 00:00:00.000000000 +0000
@@ -43,59 +43,60 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.1:rear-matter>
   <cpe-lang:platform-specification>
-    <cpe-lang:platform id="audit">
+    <cpe-lang:platform id="uefi">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:audit"/>
+        <cpe-lang:fact-ref name="cpe:/a:uefi"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="pam">
+    <cpe-lang:platform id="systemd">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:pam"/>
+        <cpe-lang:fact-ref name="cpe:/a:systemd"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="yum">
+    <cpe-lang:platform id="grub2">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:yum"/>
+        <cpe-lang:fact-ref name="cpe:/a:grub2"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="tftp-server">
+    <cpe-lang:platform id="yum">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:tftp-server"/>
+        <cpe-lang:fact-ref name="cpe:/a:yum"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="sssd">
+    <cpe-lang:platform id="aarch64_arch">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+        <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="grub2">
+    <cpe-lang:platform id="chrony">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:grub2"/>
+        <cpe-lang:fact-ref name="cpe:/a:chrony"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="wifi-iface">
+    <cpe-lang:platform id="libuser">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
+        <cpe-lang:fact-ref name="cpe:/a:libuser"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="sssd-ldap">
+    <cpe-lang:platform id="login_defs">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:sssd-ldap"/>
+        <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="aarch64_arch">
+    <cpe-lang:platform id="sssd">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
+        <cpe-lang:fact-ref name="cpe:/a:sssd"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="non-uefi">
-      <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+    <cpe-lang:platform id="chrony_or_ntp">
+      <cpe-lang:logical-test operator="OR" negate="false">
+        <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+        <cpe-lang:fact-ref name="cpe:/a:ntp"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="chrony">
+    <cpe-lang:platform id="wifi-iface">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+        <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="postfix">
@@ -103,49 +104,48 @@
         <cpe-lang:fact-ref name="cpe:/a:postfix"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="uefi">
+    <cpe-lang:platform id="ntp">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+        <cpe-lang:fact-ref name="cpe:/a:ntp"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="machine_and_chrony_or_ntp">
+    <cpe-lang:platform id="sssd-ldap">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:logical-test operator="OR" negate="false">
-          <cpe-lang:fact-ref name="cpe:/a:chrony"/>
-          <cpe-lang:fact-ref name="cpe:/a:ntp"/>
-        </cpe-lang:logical-test>
-        <cpe-lang:fact-ref name="cpe:/a:machine"/>
+        <cpe-lang:fact-ref name="cpe:/a:sssd-ldap"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="libuser">
+    <cpe-lang:platform id="pam">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:libuser"/>
+        <cpe-lang:fact-ref name="cpe:/a:pam"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="sudo">
+    <cpe-lang:platform id="audit">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+        <cpe-lang:fact-ref name="cpe:/a:audit"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="machine">
+    <cpe-lang:platform id="machine_and_chrony_or_ntp">
       <cpe-lang:logical-test operator="AND" negate="false">
+        <cpe-lang:logical-test operator="OR" negate="false">
+          <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+          <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+        </cpe-lang:logical-test>
         <cpe-lang:fact-ref name="cpe:/a:machine"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="s390x_arch">
+    <cpe-lang:platform id="gdm">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
+        <cpe-lang:fact-ref name="cpe:/a:gdm"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="chrony_or_ntp">
-      <cpe-lang:logical-test operator="OR" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:chrony"/>
-        <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+    <cpe-lang:platform id="machine">
+      <cpe-lang:logical-test operator="AND" negate="false">
+        <cpe-lang:fact-ref name="cpe:/a:machine"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="login_defs">
+    <cpe-lang:platform id="sudo">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+        <cpe-lang:fact-ref name="cpe:/a:sudo"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="net-snmp">
@@ -153,24 +153,24 @@
         <cpe-lang:fact-ref name="cpe:/a:net-snmp"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="systemd">
+    <cpe-lang:platform id="s390x_arch">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:systemd"/>
+        <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="ntp">
+    <cpe-lang:platform id="not_s390x_arch">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+        <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="not_s390x_arch">
+    <cpe-lang:platform id="tftp-server">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
+        <cpe-lang:fact-ref name="cpe:/a:tftp-server"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="gdm">
+    <cpe-lang:platform id="non-uefi">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:gdm"/>
+        <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
   </cpe-lang:platform-specification>
@@ -6327,11 +6327,6 @@
               <xccdf-1.1:fix system="urn:redhat:anaconda:pre" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
 package --add=aide
 </xccdf-1.1:fix>
-              <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_aide_installed">
-[[packages]]
-name = "aide"
-version = "*"
-</xccdf-1.1:fix>
               <xccdf-1.1:fix system="urn:xccdf:fix:script:puppet" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_aide
 
/usr/share/xml/scap/ssg/content/ssg-ol8-ds-1.2.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-ol8-ds-1.2.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-ol8-ds-1.2.xml	2022-07-15 00:00:00.000000000 +0000
@@ -171,59 +171,60 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.2:rear-matter>
       <cpe-lang:platform-specification>
-        <cpe-lang:platform id="audit">
+        <cpe-lang:platform id="uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:audit"/>
+            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="pam">
+        <cpe-lang:platform id="systemd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:pam"/>
+            <cpe-lang:fact-ref name="cpe:/a:systemd"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="yum">
+        <cpe-lang:platform id="grub2">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:yum"/>
+            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="tftp-server">
+        <cpe-lang:platform id="yum">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:tftp-server"/>
+            <cpe-lang:fact-ref name="cpe:/a:yum"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sssd">
+        <cpe-lang:platform id="aarch64_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="grub2">
+        <cpe-lang:platform id="chrony">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="wifi-iface">
+        <cpe-lang:platform id="libuser">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
+            <cpe-lang:fact-ref name="cpe:/a:libuser"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sssd-ldap">
+        <cpe-lang:platform id="login_defs">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sssd-ldap"/>
+            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="aarch64_arch">
+        <cpe-lang:platform id="sssd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="non-uefi">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+        <cpe-lang:platform id="chrony_or_ntp">
+          <cpe-lang:logical-test operator="OR" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="chrony">
+        <cpe-lang:platform id="wifi-iface">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="postfix">
@@ -231,44 +232,43 @@
             <cpe-lang:fact-ref name="cpe:/a:postfix"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="uefi">
+        <cpe-lang:platform id="ntp">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="machine_and_chrony_or_ntp">
+        <cpe-lang:platform id="sssd-ldap">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:logical-test operator="OR" negate="false">
-              <cpe-lang:fact-ref name="cpe:/a:chrony"/>
-              <cpe-lang:fact-ref name="cpe:/a:ntp"/>
-            </cpe-lang:logical-test>
-            <cpe-lang:fact-ref name="cpe:/a:machine"/>
+            <cpe-lang:fact-ref name="cpe:/a:sssd-ldap"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="libuser">
+        <cpe-lang:platform id="pam">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:libuser"/>
+            <cpe-lang:fact-ref name="cpe:/a:pam"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sudo">
+        <cpe-lang:platform id="audit">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+            <cpe-lang:fact-ref name="cpe:/a:audit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="machine">
+        <cpe-lang:platform id="machine_and_chrony_or_ntp">
           <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:logical-test operator="OR" negate="false">
+              <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+              <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+            </cpe-lang:logical-test>
             <cpe-lang:fact-ref name="cpe:/a:machine"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="s390x_arch">
+        <cpe-lang:platform id="gdm">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="chrony_or_ntp">
-          <cpe-lang:logical-test operator="OR" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+        <cpe-lang:platform id="machine">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:machine"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="usbguard">
@@ -276,9 +276,9 @@
             <cpe-lang:fact-ref name="cpe:/a:usbguard"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="login_defs">
+        <cpe-lang:platform id="sudo">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="net-snmp">
@@ -286,24 +286,24 @@
             <cpe-lang:fact-ref name="cpe:/a:net-snmp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="systemd">
+        <cpe-lang:platform id="s390x_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:systemd"/>
+            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="ntp">
+        <cpe-lang:platform id="not_s390x_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+            <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="not_s390x_arch">
+        <cpe-lang:platform id="tftp-server">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:tftp-server"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="gdm">
+        <cpe-lang:platform id="non-uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
+            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
       </cpe-lang:platform-specification>
@@ -6559,11 +6559,6 @@
                   <xccdf-1.2:fix system="urn:redhat:anaconda:pre" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
 package --add=aide
 </xccdf-1.2:fix>
-                  <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_aide_installed">
-[[packages]]
/usr/share/xml/scap/ssg/content/ssg-ol8-ds.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-ol8-ds.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-ol8-ds.xml	2022-07-15 00:00:00.000000000 +0000
@@ -173,59 +173,60 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.2:rear-matter>
       <cpe-lang:platform-specification>
-        <cpe-lang:platform id="audit">
+        <cpe-lang:platform id="uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:audit"/>
+            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="pam">
+        <cpe-lang:platform id="systemd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:pam"/>
+            <cpe-lang:fact-ref name="cpe:/a:systemd"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="yum">
+        <cpe-lang:platform id="grub2">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:yum"/>
+            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="tftp-server">
+        <cpe-lang:platform id="yum">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:tftp-server"/>
+            <cpe-lang:fact-ref name="cpe:/a:yum"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sssd">
+        <cpe-lang:platform id="aarch64_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="grub2">
+        <cpe-lang:platform id="chrony">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="wifi-iface">
+        <cpe-lang:platform id="libuser">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
+            <cpe-lang:fact-ref name="cpe:/a:libuser"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sssd-ldap">
+        <cpe-lang:platform id="login_defs">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sssd-ldap"/>
+            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="aarch64_arch">
+        <cpe-lang:platform id="sssd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="non-uefi">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+        <cpe-lang:platform id="chrony_or_ntp">
+          <cpe-lang:logical-test operator="OR" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="chrony">
+        <cpe-lang:platform id="wifi-iface">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="postfix">
@@ -233,44 +234,43 @@
             <cpe-lang:fact-ref name="cpe:/a:postfix"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="uefi">
+        <cpe-lang:platform id="ntp">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="machine_and_chrony_or_ntp">
+        <cpe-lang:platform id="sssd-ldap">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:logical-test operator="OR" negate="false">
-              <cpe-lang:fact-ref name="cpe:/a:chrony"/>
-              <cpe-lang:fact-ref name="cpe:/a:ntp"/>
-            </cpe-lang:logical-test>
-            <cpe-lang:fact-ref name="cpe:/a:machine"/>
+            <cpe-lang:fact-ref name="cpe:/a:sssd-ldap"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="libuser">
+        <cpe-lang:platform id="pam">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:libuser"/>
+            <cpe-lang:fact-ref name="cpe:/a:pam"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sudo">
+        <cpe-lang:platform id="audit">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+            <cpe-lang:fact-ref name="cpe:/a:audit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="machine">
+        <cpe-lang:platform id="machine_and_chrony_or_ntp">
           <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:logical-test operator="OR" negate="false">
+              <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+              <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+            </cpe-lang:logical-test>
             <cpe-lang:fact-ref name="cpe:/a:machine"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="s390x_arch">
+        <cpe-lang:platform id="gdm">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="chrony_or_ntp">
-          <cpe-lang:logical-test operator="OR" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+        <cpe-lang:platform id="machine">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:machine"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="usbguard">
@@ -278,9 +278,9 @@
             <cpe-lang:fact-ref name="cpe:/a:usbguard"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="login_defs">
+        <cpe-lang:platform id="sudo">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="net-snmp">
@@ -288,24 +288,24 @@
             <cpe-lang:fact-ref name="cpe:/a:net-snmp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="systemd">
+        <cpe-lang:platform id="s390x_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:systemd"/>
+            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="ntp">
+        <cpe-lang:platform id="not_s390x_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+            <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="not_s390x_arch">
+        <cpe-lang:platform id="tftp-server">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:tftp-server"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="gdm">
+        <cpe-lang:platform id="non-uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
+            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
       </cpe-lang:platform-specification>
@@ -6561,11 +6561,6 @@
                   <xccdf-1.2:fix system="urn:redhat:anaconda:pre" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
 package --add=aide
 </xccdf-1.2:fix>
-                  <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_aide_installed">
-[[packages]]
/usr/share/xml/scap/ssg/content/ssg-ol8-ocil.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-ol8-ocil.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-ol8-ocil.xml	2022-07-15 00:00:00.000000000 +0000
@@ -7,1666 +7,1660 @@
     <ocil:timestamp>2022-07-15T00:00:00</ocil:timestamp>
   </ocil:generator>
   <ocil:questionnaires>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_file_deletion_events_rename_ocil:questionnaire:1">
-      <ocil:title>Ensure auditd Collects File Deletion Events by User - rename</ocil:title>
-      <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-audit_rules_file_deletion_events_rename_action:testaction:1</ocil:test_action_ref>
-      </ocil:actions>
-    </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_execution_chacl_ocil:questionnaire:1">
-      <ocil:title>Record Any Attempts to Run chacl</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-dconf_gnome_screensaver_idle_activation_locked_ocil:questionnaire:1">
+      <ocil:title>Ensure Users Cannot Change GNOME3 Screensaver Idle Activation</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-audit_rules_execution_chacl_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-dconf_gnome_screensaver_idle_activation_locked_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sysctl_net_ipv4_conf_all_accept_local_ocil:questionnaire:1">
-      <ocil:title>Disable Accepting Packets Routed Between Local Interfaces</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sudo_remove_nopasswd_ocil:questionnaire:1">
+      <ocil:title>Ensure Users Re-Authenticate for Privilege Escalation - sudo NOPASSWD</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_accept_local_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sudo_remove_nopasswd_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-auditd_data_disk_error_action_ocil:questionnaire:1">
-      <ocil:title>Configure auditd Disk Error Action on Disk Error</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sshd_disable_pubkey_auth_ocil:questionnaire:1">
+      <ocil:title>Disable PubkeyAuthentication Authentication</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-auditd_data_disk_error_action_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sshd_disable_pubkey_auth_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-require_emergency_target_auth_ocil:questionnaire:1">
-      <ocil:title>Require Authentication for Emergency Systemd Target</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-mount_option_var_tmp_noexec_ocil:questionnaire:1">
+      <ocil:title>Add noexec Option to /var/tmp</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-require_emergency_target_auth_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-mount_option_var_tmp_noexec_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-package_pcsc-lite_installed_ocil:questionnaire:1">
-      <ocil:title>Install the pcsc-lite package</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-package_sudo_installed_ocil:questionnaire:1">
+      <ocil:title>Install sudo Package</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-package_pcsc-lite_installed_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-package_sudo_installed_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-mount_option_var_tmp_noexec_ocil:questionnaire:1">
-      <ocil:title>Add noexec Option to /var/tmp</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-accounts_password_all_shadowed_ocil:questionnaire:1">
+      <ocil:title>Verify All Account Password Hashes are Shadowed</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-mount_option_var_tmp_noexec_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-accounts_password_all_shadowed_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sshd_x11_use_localhost_ocil:questionnaire:1">
-      <ocil:title>Prevent remote hosts from connecting to the proxy display</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-kernel_config_unmap_kernel_at_el0_ocil:questionnaire:1">
+      <ocil:title>Unmap kernel when running in userspace (aka KAISER)</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sshd_x11_use_localhost_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-kernel_config_unmap_kernel_at_el0_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-accounts_password_pam_pwhistory_remember_system_auth_ocil:questionnaire:1">
-      <ocil:title>Limit Password Reuse: system-auth</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-install_mcafee_hbss_accm_ocil:questionnaire:1">
+      <ocil:title>Install the Asset Configuration Compliance Module (ACCM)</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-accounts_password_pam_pwhistory_remember_system_auth_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-install_mcafee_hbss_accm_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-libreswan_approved_tunnels_ocil:questionnaire:1">
-      <ocil:title>Verify Any Configured IPSec Tunnel Connections</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-kernel_config_module_sig_force_ocil:questionnaire:1">
+      <ocil:title>Require modules to be validly signed</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-libreswan_approved_tunnels_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-kernel_config_module_sig_force_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sysctl_net_ipv4_conf_all_accept_source_route_ocil:questionnaire:1">
-      <ocil:title>Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-require_singleuser_auth_ocil:questionnaire:1">
+      <ocil:title>Require Authentication for Single User Mode</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_accept_source_route_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-require_singleuser_auth_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-directory_access_var_log_audit_ocil:questionnaire:1">
-      <ocil:title>Record Access Events to Audit Log Directory</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-audit_rules_etc_gshadow_open_ocil:questionnaire:1">
+      <ocil:title>Record Events that Modify User/Group Information via open syscall - /etc/gshadow</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-directory_access_var_log_audit_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-audit_rules_etc_gshadow_open_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-auditd_data_retention_action_mail_acct_ocil:questionnaire:1">
-      <ocil:title>Configure auditd mail_acct Action on Low Disk Space</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sudo_restrict_privilege_elevation_to_authorized_ocil:questionnaire:1">
+      <ocil:title>The operating system must restrict privilege elevation to authorized personnel</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-auditd_data_retention_action_mail_acct_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sudo_restrict_privilege_elevation_to_authorized_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-auditd_data_retention_space_left_ocil:questionnaire:1">
-      <ocil:title>Configure auditd space_left on Low Disk Space</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-file_permissions_sshd_private_key_ocil:questionnaire:1">
+      <ocil:title>Verify Permissions on SSH Server Private *_key Key Files</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-auditd_data_retention_space_left_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-file_permissions_sshd_private_key_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-directory_group_ownership_var_log_audit_ocil:questionnaire:1">
-      <ocil:title>System Audit Directories Must Be Group Owned By Root</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-harden_ssh_client_crypto_policy_ocil:questionnaire:1">
+      <ocil:title>Harden SSH client Crypto Policy</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-directory_group_ownership_var_log_audit_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-harden_ssh_client_crypto_policy_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-rsyslog_encrypt_offload_actionsendstreamdriverauthmode_ocil:questionnaire:1">
-      <ocil:title>Ensure Rsyslog Authenticates Off-Loaded Audit Records</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-package_squid_removed_ocil:questionnaire:1">
+      <ocil:title>Uninstall squid Package</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-rsyslog_encrypt_offload_actionsendstreamdriverauthmode_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-package_squid_removed_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-file_owner_etc_group_ocil:questionnaire:1">
-      <ocil:title>Verify User Who Owns group File</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-accounts_no_uid_except_zero_ocil:questionnaire:1">
+      <ocil:title>Verify Only Root Has UID 0</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-file_owner_etc_group_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-accounts_no_uid_except_zero_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-no_password_auth_for_systemaccounts_ocil:questionnaire:1">
-      <ocil:title>Ensure that System Accounts Are Locked</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-coreos_enable_selinux_kernel_argument_ocil:questionnaire:1">
+      <ocil:title>Ensure SELinux Not Disabled in the kernel arguments</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-no_password_auth_for_systemaccounts_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-coreos_enable_selinux_kernel_argument_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_privileged_commands_unix_chkpwd_ocil:questionnaire:1">
-      <ocil:title>Ensure auditd Collects Information on the Use of Privileged Commands - unix_chkpwd</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-auditd_audispd_encrypt_sent_records_ocil:questionnaire:1">
+      <ocil:title>Encrypt Audit Records Sent With audispd Plugin</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-audit_rules_privileged_commands_unix_chkpwd_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-auditd_audispd_encrypt_sent_records_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sudo_add_ignore_dot_ocil:questionnaire:1">
-      <ocil:title>Ensure sudo Ignores Commands In Current Dir - sudo ignore_dot</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-mount_option_var_log_nosuid_ocil:questionnaire:1">
+      <ocil:title>Add nosuid Option to /var/log</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sudo_add_ignore_dot_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-mount_option_var_log_nosuid_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-file_permissions_backup_etc_passwd_ocil:questionnaire:1">
-      <ocil:title>Verify Permissions on Backup passwd File</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-dconf_db_up_to_date_ocil:questionnaire:1">
+      <ocil:title>Make sure that the dconf databases are up-to-date with regards to respective keyfiles</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-file_permissions_backup_etc_passwd_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-dconf_db_up_to_date_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_mac_modification_ocil:questionnaire:1">
-      <ocil:title>Record Events that Modify the System's Mandatory Access Controls</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-audit_rules_kernel_module_loading_delete_ocil:questionnaire:1">
+      <ocil:title>Ensure auditd Collects Information on Kernel Module Unloading - delete_module</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-audit_rules_mac_modification_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-audit_rules_kernel_module_loading_delete_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
/usr/share/xml/scap/ssg/content/ssg-ol8-xccdf.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-ol8-xccdf.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-ol8-xccdf.xml	2022-07-15 00:00:00.000000000 +0000
@@ -43,59 +43,60 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.1:rear-matter>
   <cpe-lang:platform-specification>
-    <cpe-lang:platform id="audit">
+    <cpe-lang:platform id="uefi">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:audit"/>
+        <cpe-lang:fact-ref name="cpe:/a:uefi"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="pam">
+    <cpe-lang:platform id="systemd">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:pam"/>
+        <cpe-lang:fact-ref name="cpe:/a:systemd"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="yum">
+    <cpe-lang:platform id="grub2">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:yum"/>
+        <cpe-lang:fact-ref name="cpe:/a:grub2"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="tftp-server">
+    <cpe-lang:platform id="yum">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:tftp-server"/>
+        <cpe-lang:fact-ref name="cpe:/a:yum"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="sssd">
+    <cpe-lang:platform id="aarch64_arch">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+        <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="grub2">
+    <cpe-lang:platform id="chrony">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:grub2"/>
+        <cpe-lang:fact-ref name="cpe:/a:chrony"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="wifi-iface">
+    <cpe-lang:platform id="libuser">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
+        <cpe-lang:fact-ref name="cpe:/a:libuser"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="sssd-ldap">
+    <cpe-lang:platform id="login_defs">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:sssd-ldap"/>
+        <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="aarch64_arch">
+    <cpe-lang:platform id="sssd">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
+        <cpe-lang:fact-ref name="cpe:/a:sssd"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="non-uefi">
-      <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+    <cpe-lang:platform id="chrony_or_ntp">
+      <cpe-lang:logical-test operator="OR" negate="false">
+        <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+        <cpe-lang:fact-ref name="cpe:/a:ntp"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="chrony">
+    <cpe-lang:platform id="wifi-iface">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+        <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="postfix">
@@ -103,44 +104,43 @@
         <cpe-lang:fact-ref name="cpe:/a:postfix"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="uefi">
+    <cpe-lang:platform id="ntp">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+        <cpe-lang:fact-ref name="cpe:/a:ntp"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="machine_and_chrony_or_ntp">
+    <cpe-lang:platform id="sssd-ldap">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:logical-test operator="OR" negate="false">
-          <cpe-lang:fact-ref name="cpe:/a:chrony"/>
-          <cpe-lang:fact-ref name="cpe:/a:ntp"/>
-        </cpe-lang:logical-test>
-        <cpe-lang:fact-ref name="cpe:/a:machine"/>
+        <cpe-lang:fact-ref name="cpe:/a:sssd-ldap"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="libuser">
+    <cpe-lang:platform id="pam">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:libuser"/>
+        <cpe-lang:fact-ref name="cpe:/a:pam"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="sudo">
+    <cpe-lang:platform id="audit">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+        <cpe-lang:fact-ref name="cpe:/a:audit"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="machine">
+    <cpe-lang:platform id="machine_and_chrony_or_ntp">
       <cpe-lang:logical-test operator="AND" negate="false">
+        <cpe-lang:logical-test operator="OR" negate="false">
+          <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+          <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+        </cpe-lang:logical-test>
         <cpe-lang:fact-ref name="cpe:/a:machine"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="s390x_arch">
+    <cpe-lang:platform id="gdm">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
+        <cpe-lang:fact-ref name="cpe:/a:gdm"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="chrony_or_ntp">
-      <cpe-lang:logical-test operator="OR" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:chrony"/>
-        <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+    <cpe-lang:platform id="machine">
+      <cpe-lang:logical-test operator="AND" negate="false">
+        <cpe-lang:fact-ref name="cpe:/a:machine"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="usbguard">
@@ -148,9 +148,9 @@
         <cpe-lang:fact-ref name="cpe:/a:usbguard"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="login_defs">
+    <cpe-lang:platform id="sudo">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+        <cpe-lang:fact-ref name="cpe:/a:sudo"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="net-snmp">
@@ -158,24 +158,24 @@
         <cpe-lang:fact-ref name="cpe:/a:net-snmp"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="systemd">
+    <cpe-lang:platform id="s390x_arch">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:systemd"/>
+        <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="ntp">
+    <cpe-lang:platform id="not_s390x_arch">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+        <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="not_s390x_arch">
+    <cpe-lang:platform id="tftp-server">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
+        <cpe-lang:fact-ref name="cpe:/a:tftp-server"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="gdm">
+    <cpe-lang:platform id="non-uefi">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:gdm"/>
+        <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
   </cpe-lang:platform-specification>
@@ -6431,11 +6431,6 @@
               <xccdf-1.1:fix system="urn:redhat:anaconda:pre" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
 package --add=aide
 </xccdf-1.1:fix>
-              <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_aide_installed">
-[[packages]]
/usr/share/xml/scap/ssg/content/ssg-ol9-ds-1.2.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-ol9-ds-1.2.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-ol9-ds-1.2.xml	2022-07-15 00:00:00.000000000 +0000
@@ -143,14 +143,14 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.2:rear-matter>
       <cpe-lang:platform-specification>
-        <cpe-lang:platform id="audit">
+        <cpe-lang:platform id="uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:audit"/>
+            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="pam">
+        <cpe-lang:platform id="grub2">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:pam"/>
+            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="yum">
@@ -158,64 +158,64 @@
             <cpe-lang:fact-ref name="cpe:/a:yum"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sssd">
+        <cpe-lang:platform id="aarch64_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="grub2">
+        <cpe-lang:platform id="chrony">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="aarch64_arch">
+        <cpe-lang:platform id="login_defs">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="non-uefi">
+        <cpe-lang:platform id="sssd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="chrony">
+        <cpe-lang:platform id="postfix">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:postfix"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="postfix">
+        <cpe-lang:platform id="ntp">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:postfix"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="uefi">
+        <cpe-lang:platform id="pam">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:pam"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sudo">
+        <cpe-lang:platform id="audit">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+            <cpe-lang:fact-ref name="cpe:/a:audit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="machine">
+        <cpe-lang:platform id="gdm">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:machine"/>
+            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="s390x_arch">
+        <cpe-lang:platform id="machine">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:machine"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="login_defs">
+        <cpe-lang:platform id="sudo">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="ntp">
+        <cpe-lang:platform id="s390x_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="not_s390x_arch">
@@ -223,9 +223,9 @@
             <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="gdm">
+        <cpe-lang:platform id="non-uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
+            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
       </cpe-lang:platform-specification>
@@ -3434,11 +3434,6 @@
               <xccdf-1.2:fix system="urn:redhat:anaconda:pre" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
 package --add=gnutls-utils
 </xccdf-1.2:fix>
-              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_gnutls-utils_installed">
-[[packages]]
-name = "gnutls-utils"
-version = "*"
-</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_gnutls-utils
 
 class install_gnutls-utils {
@@ -3447,6 +3442,11 @@
   }
 }
 </xccdf-1.2:fix>
+              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_gnutls-utils_installed">
+[[packages]]
+name = "gnutls-utils"
+version = "*"
+</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:ansible" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure gnutls-utils is installed
   package:
     name: gnutls-utils
@@ -3486,11 +3486,6 @@
               <xccdf-1.2:fix system="urn:redhat:anaconda:pre" id="package_nss-tools_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
 package --add=nss-tools
 </xccdf-1.2:fix>
-              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_nss-tools_installed">
-[[packages]]
-name = "nss-tools"
-version = "*"
-</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_nss-tools_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_nss-tools
 
 class install_nss-tools {
@@ -3499,6 +3494,11 @@
   }
 }
 </xccdf-1.2:fix>
+              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_nss-tools_installed">
+[[packages]]
+name = "nss-tools"
+version = "*"
+</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:ansible" id="package_nss-tools_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure nss-tools is installed
   package:
     name: nss-tools
@@ -5758,6 +5758,26 @@
 run commands with the privileges of that account. Accounts with
 empty passwords should never be used in operational environments.</xccdf-1.2:rationale>
                 <xccdf-1.2:platform idref="#machine"/>
+                <xccdf-1.2:fix system="urn:xccdf:fix:script:kubernetes" id="no_empty_passwords">---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/password-auth
+        overwrite: true
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/system-auth
+        overwrite: true
+</xccdf-1.2:fix>
                 <xccdf-1.2:fix system="urn:xccdf:fix:script:sh" id="no_empty_passwords" complexity="low" disruption="medium" reboot="false" strategy="configure"># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
@@ -5930,26 +5950,6 @@
     - no_empty_passwords
     - no_reboot_needed
/usr/share/xml/scap/ssg/content/ssg-ol9-ds.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-ol9-ds.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-ol9-ds.xml	2022-07-15 00:00:00.000000000 +0000
@@ -145,14 +145,14 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.2:rear-matter>
       <cpe-lang:platform-specification>
-        <cpe-lang:platform id="audit">
+        <cpe-lang:platform id="uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:audit"/>
+            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="pam">
+        <cpe-lang:platform id="grub2">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:pam"/>
+            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="yum">
@@ -160,64 +160,64 @@
             <cpe-lang:fact-ref name="cpe:/a:yum"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sssd">
+        <cpe-lang:platform id="aarch64_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="grub2">
+        <cpe-lang:platform id="chrony">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="aarch64_arch">
+        <cpe-lang:platform id="login_defs">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="non-uefi">
+        <cpe-lang:platform id="sssd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="chrony">
+        <cpe-lang:platform id="postfix">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:postfix"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="postfix">
+        <cpe-lang:platform id="ntp">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:postfix"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="uefi">
+        <cpe-lang:platform id="pam">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:pam"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sudo">
+        <cpe-lang:platform id="audit">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+            <cpe-lang:fact-ref name="cpe:/a:audit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="machine">
+        <cpe-lang:platform id="gdm">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:machine"/>
+            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="s390x_arch">
+        <cpe-lang:platform id="machine">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:machine"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="login_defs">
+        <cpe-lang:platform id="sudo">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="ntp">
+        <cpe-lang:platform id="s390x_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="not_s390x_arch">
@@ -225,9 +225,9 @@
             <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="gdm">
+        <cpe-lang:platform id="non-uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
+            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
       </cpe-lang:platform-specification>
@@ -3436,11 +3436,6 @@
               <xccdf-1.2:fix system="urn:redhat:anaconda:pre" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
 package --add=gnutls-utils
 </xccdf-1.2:fix>
-              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_gnutls-utils_installed">
-[[packages]]
-name = "gnutls-utils"
-version = "*"
-</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_gnutls-utils
 
 class install_gnutls-utils {
@@ -3449,6 +3444,11 @@
   }
 }
 </xccdf-1.2:fix>
+              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_gnutls-utils_installed">
+[[packages]]
+name = "gnutls-utils"
+version = "*"
+</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:ansible" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure gnutls-utils is installed
   package:
     name: gnutls-utils
@@ -3488,11 +3488,6 @@
               <xccdf-1.2:fix system="urn:redhat:anaconda:pre" id="package_nss-tools_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
 package --add=nss-tools
 </xccdf-1.2:fix>
-              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_nss-tools_installed">
-[[packages]]
-name = "nss-tools"
-version = "*"
-</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_nss-tools_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_nss-tools
 
 class install_nss-tools {
@@ -3501,6 +3496,11 @@
   }
 }
 </xccdf-1.2:fix>
+              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_nss-tools_installed">
+[[packages]]
+name = "nss-tools"
+version = "*"
+</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:ansible" id="package_nss-tools_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure nss-tools is installed
   package:
     name: nss-tools
@@ -5760,6 +5760,26 @@
 run commands with the privileges of that account. Accounts with
 empty passwords should never be used in operational environments.</xccdf-1.2:rationale>
                 <xccdf-1.2:platform idref="#machine"/>
+                <xccdf-1.2:fix system="urn:xccdf:fix:script:kubernetes" id="no_empty_passwords">---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/password-auth
+        overwrite: true
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/system-auth
+        overwrite: true
+</xccdf-1.2:fix>
                 <xccdf-1.2:fix system="urn:xccdf:fix:script:sh" id="no_empty_passwords" complexity="low" disruption="medium" reboot="false" strategy="configure"># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
@@ -5932,26 +5952,6 @@
     - no_empty_passwords
     - no_reboot_needed
/usr/share/xml/scap/ssg/content/ssg-ol9-ocil.xml differs (XML 1.0 document, ASCII text)
--- old//usr/share/xml/scap/ssg/content/ssg-ol9-ocil.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-ol9-ocil.xml	2022-07-15 00:00:00.000000000 +0000
@@ -7,1018 +7,1018 @@
     <ocil:timestamp>2022-07-15T00:00:00</ocil:timestamp>
   </ocil:generator>
   <ocil:questionnaires>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_file_deletion_events_rename_ocil:questionnaire:1">
-      <ocil:title>Ensure auditd Collects File Deletion Events by User - rename</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sudo_remove_nopasswd_ocil:questionnaire:1">
+      <ocil:title>Ensure Users Re-Authenticate for Privilege Escalation - sudo NOPASSWD</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-audit_rules_file_deletion_events_rename_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sudo_remove_nopasswd_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sysctl_net_ipv4_conf_all_accept_local_ocil:questionnaire:1">
-      <ocil:title>Disable Accepting Packets Routed Between Local Interfaces</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sshd_disable_pubkey_auth_ocil:questionnaire:1">
+      <ocil:title>Disable PubkeyAuthentication Authentication</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_accept_local_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sshd_disable_pubkey_auth_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-auditd_data_disk_error_action_ocil:questionnaire:1">
-      <ocil:title>Configure auditd Disk Error Action on Disk Error</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-accounts_password_all_shadowed_ocil:questionnaire:1">
+      <ocil:title>Verify All Account Password Hashes are Shadowed</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-auditd_data_disk_error_action_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-accounts_password_all_shadowed_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-directory_access_var_log_audit_ocil:questionnaire:1">
-      <ocil:title>Record Access Events to Audit Log Directory</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-kernel_config_unmap_kernel_at_el0_ocil:questionnaire:1">
+      <ocil:title>Unmap kernel when running in userspace (aka KAISER)</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-directory_access_var_log_audit_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-kernel_config_unmap_kernel_at_el0_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-auditd_data_retention_action_mail_acct_ocil:questionnaire:1">
-      <ocil:title>Configure auditd mail_acct Action on Low Disk Space</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-kernel_config_module_sig_force_ocil:questionnaire:1">
+      <ocil:title>Require modules to be validly signed</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-auditd_data_retention_action_mail_acct_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-kernel_config_module_sig_force_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-rsyslog_encrypt_offload_actionsendstreamdriverauthmode_ocil:questionnaire:1">
-      <ocil:title>Ensure Rsyslog Authenticates Off-Loaded Audit Records</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-file_permissions_sshd_private_key_ocil:questionnaire:1">
+      <ocil:title>Verify Permissions on SSH Server Private *_key Key Files</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-rsyslog_encrypt_offload_actionsendstreamdriverauthmode_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-file_permissions_sshd_private_key_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-file_owner_etc_group_ocil:questionnaire:1">
-      <ocil:title>Verify User Who Owns group File</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-harden_ssh_client_crypto_policy_ocil:questionnaire:1">
+      <ocil:title>Harden SSH client Crypto Policy</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-file_owner_etc_group_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-harden_ssh_client_crypto_policy_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-no_password_auth_for_systemaccounts_ocil:questionnaire:1">
-      <ocil:title>Ensure that System Accounts Are Locked</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-accounts_no_uid_except_zero_ocil:questionnaire:1">
+      <ocil:title>Verify Only Root Has UID 0</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-no_password_auth_for_systemaccounts_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-accounts_no_uid_except_zero_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_privileged_commands_unix_chkpwd_ocil:questionnaire:1">
-      <ocil:title>Ensure auditd Collects Information on the Use of Privileged Commands - unix_chkpwd</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-audit_rules_kernel_module_loading_delete_ocil:questionnaire:1">
+      <ocil:title>Ensure auditd Collects Information on Kernel Module Unloading - delete_module</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-audit_rules_privileged_commands_unix_chkpwd_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-audit_rules_kernel_module_loading_delete_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-file_permissions_backup_etc_passwd_ocil:questionnaire:1">
-      <ocil:title>Verify Permissions on Backup passwd File</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-audit_rules_dac_modification_fchownat_ocil:questionnaire:1">
+      <ocil:title>Record Events that Modify the System's Discretionary Access Controls - fchownat</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-file_permissions_backup_etc_passwd_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_fchownat_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_mac_modification_ocil:questionnaire:1">
-      <ocil:title>Record Events that Modify the System's Mandatory Access Controls</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-directory_access_var_log_audit_ocil:questionnaire:1">
+      <ocil:title>Record Access Events to Audit Log Directory</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-audit_rules_mac_modification_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-directory_access_var_log_audit_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sshd_disable_compression_ocil:questionnaire:1">
-      <ocil:title>Disable Compression Or Set Compression to delayed</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sshd_enable_strictmodes_ocil:questionnaire:1">
+      <ocil:title>Enable Use of Strict Mode Checking</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sshd_disable_compression_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sshd_enable_strictmodes_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-file_owner_var_log_ocil:questionnaire:1">
-      <ocil:title>Verify User Who Owns /var/log Directory</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-service_ntpdate_disabled_ocil:questionnaire:1">
+      <ocil:title>Disable ntpdate Service (ntpdate)</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-file_owner_var_log_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-service_ntpdate_disabled_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-kernel_config_module_sig_sha512_ocil:questionnaire:1">
-      <ocil:title>Sign kernel modules with SHA-512</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-auditd_data_retention_max_log_file_action_ocil:questionnaire:1">
+      <ocil:title>Configure auditd max_log_file_action Upon Reaching Maximum Log Size</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-kernel_config_module_sig_sha512_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-auditd_data_retention_max_log_file_action_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sshd_allow_only_protocol2_ocil:questionnaire:1">
-      <ocil:title>Allow Only SSH Protocol 2</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-service_ntpd_enabled_ocil:questionnaire:1">
+      <ocil:title>Enable the NTP Daemon</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sshd_allow_only_protocol2_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-service_ntpd_enabled_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_unsuccessful_file_modification_creat_ocil:questionnaire:1">
-      <ocil:title>Record Unsuccessful Access Attempts to Files - creat</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-prefer_64bit_os_ocil:questionnaire:1">
+      <ocil:title>Prefer to use a 64-bit Operating System when supported</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-audit_rules_unsuccessful_file_modification_creat_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-prefer_64bit_os_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-package_syslogng_installed_ocil:questionnaire:1">
-      <ocil:title>Ensure syslog-ng is Installed</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-file_ownership_binary_dirs_ocil:questionnaire:1">
+      <ocil:title>Verify that System Executables Have Root Ownership</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-package_syslogng_installed_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-file_ownership_binary_dirs_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-kernel_config_module_sig_hash_ocil:questionnaire:1">
-      <ocil:title>Specify the hash to use when signing modules</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sshd_set_login_grace_time_ocil:questionnaire:1">
+      <ocil:title>Ensure SSH LoginGraceTime is configured</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-kernel_config_module_sig_hash_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sshd_set_login_grace_time_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-ensure_gpgcheck_globally_activated_ocil:questionnaire:1">
-      <ocil:title>Ensure gpgcheck Enabled In Main yum Configuration</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sysctl_net_ipv4_conf_all_accept_local_ocil:questionnaire:1">
+      <ocil:title>Disable Accepting Packets Routed Between Local Interfaces</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-ensure_gpgcheck_globally_activated_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_accept_local_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sysctl_kernel_randomize_va_space_ocil:questionnaire:1">
-      <ocil:title>Enable Randomized Layout of Virtual Address Space</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-file_owner_backup_etc_passwd_ocil:questionnaire:1">
+      <ocil:title>Verify User Who Owns Backup passwd File</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sysctl_kernel_randomize_va_space_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-file_owner_backup_etc_passwd_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-file_owner_etc_passwd_ocil:questionnaire:1">
-      <ocil:title>Verify User Who Owns passwd File</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-mount_option_dev_shm_nosuid_ocil:questionnaire:1">
+      <ocil:title>Add nosuid Option to /dev/shm</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-file_owner_etc_passwd_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-mount_option_dev_shm_nosuid_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sshd_set_keepalive_ocil:questionnaire:1">
-      <ocil:title>Set SSH Client Alive Count Max</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-ensure_logrotate_activated_ocil:questionnaire:1">
+      <ocil:title>Ensure Logrotate Runs Periodically</ocil:title>
       <ocil:actions>
/usr/share/xml/scap/ssg/content/ssg-ol9-xccdf.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-ol9-xccdf.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-ol9-xccdf.xml	2022-07-15 00:00:00.000000000 +0000
@@ -43,14 +43,14 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.1:rear-matter>
   <cpe-lang:platform-specification>
-    <cpe-lang:platform id="audit">
+    <cpe-lang:platform id="uefi">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:audit"/>
+        <cpe-lang:fact-ref name="cpe:/a:uefi"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="pam">
+    <cpe-lang:platform id="grub2">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:pam"/>
+        <cpe-lang:fact-ref name="cpe:/a:grub2"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="yum">
@@ -58,64 +58,64 @@
         <cpe-lang:fact-ref name="cpe:/a:yum"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="sssd">
+    <cpe-lang:platform id="aarch64_arch">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+        <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="grub2">
+    <cpe-lang:platform id="chrony">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:grub2"/>
+        <cpe-lang:fact-ref name="cpe:/a:chrony"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="aarch64_arch">
+    <cpe-lang:platform id="login_defs">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
+        <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="non-uefi">
+    <cpe-lang:platform id="sssd">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+        <cpe-lang:fact-ref name="cpe:/a:sssd"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="chrony">
+    <cpe-lang:platform id="postfix">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+        <cpe-lang:fact-ref name="cpe:/a:postfix"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="postfix">
+    <cpe-lang:platform id="ntp">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:postfix"/>
+        <cpe-lang:fact-ref name="cpe:/a:ntp"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="uefi">
+    <cpe-lang:platform id="pam">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+        <cpe-lang:fact-ref name="cpe:/a:pam"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="sudo">
+    <cpe-lang:platform id="audit">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+        <cpe-lang:fact-ref name="cpe:/a:audit"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="machine">
+    <cpe-lang:platform id="gdm">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:machine"/>
+        <cpe-lang:fact-ref name="cpe:/a:gdm"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="s390x_arch">
+    <cpe-lang:platform id="machine">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
+        <cpe-lang:fact-ref name="cpe:/a:machine"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="login_defs">
+    <cpe-lang:platform id="sudo">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+        <cpe-lang:fact-ref name="cpe:/a:sudo"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="ntp">
+    <cpe-lang:platform id="s390x_arch">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+        <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="not_s390x_arch">
@@ -123,9 +123,9 @@
         <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="gdm">
+    <cpe-lang:platform id="non-uefi">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:gdm"/>
+        <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
   </cpe-lang:platform-specification>
@@ -3334,11 +3334,6 @@
           <xccdf-1.1:fix system="urn:redhat:anaconda:pre" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
 package --add=gnutls-utils
 </xccdf-1.1:fix>
-          <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_gnutls-utils_installed">
-[[packages]]
-name = "gnutls-utils"
-version = "*"
-</xccdf-1.1:fix>
           <xccdf-1.1:fix system="urn:xccdf:fix:script:puppet" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_gnutls-utils
 
 class install_gnutls-utils {
@@ -3347,6 +3342,11 @@
   }
 }
 </xccdf-1.1:fix>
+          <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_gnutls-utils_installed">
+[[packages]]
+name = "gnutls-utils"
+version = "*"
+</xccdf-1.1:fix>
           <xccdf-1.1:fix system="urn:xccdf:fix:script:ansible" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure gnutls-utils is installed
   package:
     name: gnutls-utils
@@ -3386,11 +3386,6 @@
           <xccdf-1.1:fix system="urn:redhat:anaconda:pre" id="package_nss-tools_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
 package --add=nss-tools
 </xccdf-1.1:fix>
-          <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_nss-tools_installed">
-[[packages]]
-name = "nss-tools"
-version = "*"
-</xccdf-1.1:fix>
           <xccdf-1.1:fix system="urn:xccdf:fix:script:puppet" id="package_nss-tools_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_nss-tools
 
 class install_nss-tools {
@@ -3399,6 +3394,11 @@
   }
 }
 </xccdf-1.1:fix>
+          <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_nss-tools_installed">
+[[packages]]
+name = "nss-tools"
+version = "*"
+</xccdf-1.1:fix>
           <xccdf-1.1:fix system="urn:xccdf:fix:script:ansible" id="package_nss-tools_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure nss-tools is installed
   package:
     name: nss-tools
@@ -5658,6 +5658,26 @@
 run commands with the privileges of that account. Accounts with
 empty passwords should never be used in operational environments.</xccdf-1.1:rationale>
             <xccdf-1.1:platform idref="#machine"/>
+            <xccdf-1.1:fix system="urn:xccdf:fix:script:kubernetes" id="no_empty_passwords">---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    storage:
+      files:
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/password-auth
+        overwrite: true
+      - contents:
+          source: data:,%23%20Generated%20by%20authselect%20on%20Sat%20Oct%2027%2014%3A59%3A36%202018%0A%23%20Do%20not%20modify%20this%20file%20manually.%0A%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_env.so%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_faildelay.so%20delay%3D2000000%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_fprintd.so%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet%0Aauth%20%20%20%20%20%20%20%20%5Bdefault%3D1%20ignore%3Dignore%20success%3Dok%5D%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20try_first_pass%0Aauth%20%20%20%20%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3E%3D%201000%20quiet_success%0Aauth%20%20%20%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20forward_pass%0Aauth%20%20%20%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_localuser.so%0Aaccount%20%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20uid%20%3C%201000%20quiet%0Aaccount%20%20%20%20%20%5Bdefault%3Dbad%20success%3Dok%20user_unknown%3Dignore%5D%20pam_sss.so%0Aaccount%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_permit.so%0A%0Apassword%20%20%20%20requisite%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_pwquality.so%20try_first_pass%20local_users_only%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%20sha512%20shadow%20try_first_pass%20use_authtok%0Apassword%20%20%20%20sufficient%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%20use_authtok%0Apassword%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_deny.so%0A%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_keyinit.so%20revoke%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_limits.so%0A-session%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_systemd.so%0Asession%20%20%20%20%20%5Bsuccess%3D1%20default%3Dignore%5D%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_succeed_if.so%20service%20in%20crond%20quiet%20use_uid%0Asession%20%20%20%20%20required%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_unix.so%0Asession%20%20%20%20%20optional%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20pam_sss.so%0A
+        mode: 0644
+        path: /etc/pam.d/system-auth
+        overwrite: true
+</xccdf-1.1:fix>
             <xccdf-1.1:fix system="urn:xccdf:fix:script:sh" id="no_empty_passwords" complexity="low" disruption="medium" reboot="false" strategy="configure"># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
@@ -5830,26 +5850,6 @@
     - no_empty_passwords
     - no_reboot_needed
/usr/share/xml/scap/ssg/content/ssg-rhcos4-ds-1.2.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-rhcos4-ds-1.2.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-rhcos4-ds-1.2.xml	2022-07-15 00:00:00.000000000 +0000
@@ -155,19 +155,24 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.2:rear-matter>
       <cpe-lang:platform-specification>
-        <cpe-lang:platform id="audit">
+        <cpe-lang:platform id="uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:audit"/>
+            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="pam">
+        <cpe-lang:platform id="systemd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:pam"/>
+            <cpe-lang:fact-ref name="cpe:/a:systemd"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sssd">
+        <cpe-lang:platform id="grub2">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="aarch64_arch">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="polkit">
@@ -175,29 +180,30 @@
             <cpe-lang:fact-ref name="cpe:/a:polkit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="grub2">
+        <cpe-lang:platform id="chrony">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="wifi-iface">
+        <cpe-lang:platform id="login_defs">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
+            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="aarch64_arch">
+        <cpe-lang:platform id="sssd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="non-uefi">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+        <cpe-lang:platform id="chrony_or_ntp">
+          <cpe-lang:logical-test operator="OR" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="chrony">
+        <cpe-lang:platform id="wifi-iface">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="postfix">
@@ -205,9 +211,19 @@
             <cpe-lang:fact-ref name="cpe:/a:postfix"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="uefi">
+        <cpe-lang:platform id="ntp">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="pam">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:pam"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="audit">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:audit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="machine_and_chrony_or_ntp">
@@ -219,9 +235,9 @@
             <cpe-lang:fact-ref name="cpe:/a:machine"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sudo">
+        <cpe-lang:platform id="gdm">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="machine">
@@ -229,35 +245,19 @@
             <cpe-lang:fact-ref name="cpe:/a:machine"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="s390x_arch">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="chrony_or_ntp">
-          <cpe-lang:logical-test operator="OR" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
         <cpe-lang:platform id="usbguard">
           <cpe-lang:logical-test operator="AND" negate="false">
             <cpe-lang:fact-ref name="cpe:/a:usbguard"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="login_defs">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="systemd">
+        <cpe-lang:platform id="sudo">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:systemd"/>
+            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="ntp">
+        <cpe-lang:platform id="s390x_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="not_s390x_arch">
@@ -265,9 +265,9 @@
             <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="gdm">
+        <cpe-lang:platform id="non-uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
+            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
       </cpe-lang:platform-specification>
@@ -7495,7 +7495,8 @@
 access when the system is rebooted.</xccdf-1.2:rationale>
               <xccdf-1.2:platform idref="#machine"/>
               <xccdf-1.2:ident system="https://nvd.nist.gov/cce/index.cfm">CCE-82496-1</xccdf-1.2:ident>
-              <xccdf-1.2:fix system="urn:xccdf:fix:script:ignition" id="service_debug-shell_disabled" complexity="low" disruption="medium" reboot="true" strategy="disable">apiVersion: machineconfiguration.openshift.io/v1
+              <xccdf-1.2:fix system="urn:xccdf:fix:script:kubernetes" id="service_debug-shell_disabled">---
+apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
   config:
@@ -7503,15 +7504,10 @@
       version: 3.1.0
     systemd:
       units:
-      - name: debug-shell.service
-        enabled: false
-        mask: true
-      - name: debug-shell.socket
-        enabled: false
-        mask: true
+      - enabled: false
+        name: debug-shell.service
 </xccdf-1.2:fix>
-              <xccdf-1.2:fix system="urn:xccdf:fix:script:kubernetes" id="service_debug-shell_disabled">---
-apiVersion: machineconfiguration.openshift.io/v1
+              <xccdf-1.2:fix system="urn:xccdf:fix:script:ignition" id="service_debug-shell_disabled" complexity="low" disruption="medium" reboot="true" strategy="disable">apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
   config:
@@ -7519,8 +7515,12 @@
       version: 3.1.0
     systemd:
       units:
-      - enabled: false
-        name: debug-shell.service
+      - name: debug-shell.service
+        enabled: false
+        mask: true
+      - name: debug-shell.socket
/usr/share/xml/scap/ssg/content/ssg-rhcos4-ds.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-rhcos4-ds.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-rhcos4-ds.xml	2022-07-15 00:00:00.000000000 +0000
@@ -155,19 +155,24 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.2:rear-matter>
       <cpe-lang:platform-specification>
-        <cpe-lang:platform id="audit">
+        <cpe-lang:platform id="uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:audit"/>
+            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="pam">
+        <cpe-lang:platform id="systemd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:pam"/>
+            <cpe-lang:fact-ref name="cpe:/a:systemd"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sssd">
+        <cpe-lang:platform id="grub2">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="aarch64_arch">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="polkit">
@@ -175,29 +180,30 @@
             <cpe-lang:fact-ref name="cpe:/a:polkit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="grub2">
+        <cpe-lang:platform id="chrony">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="wifi-iface">
+        <cpe-lang:platform id="login_defs">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
+            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="aarch64_arch">
+        <cpe-lang:platform id="sssd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="non-uefi">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+        <cpe-lang:platform id="chrony_or_ntp">
+          <cpe-lang:logical-test operator="OR" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="chrony">
+        <cpe-lang:platform id="wifi-iface">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="postfix">
@@ -205,9 +211,19 @@
             <cpe-lang:fact-ref name="cpe:/a:postfix"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="uefi">
+        <cpe-lang:platform id="ntp">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="pam">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:pam"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="audit">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:audit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="machine_and_chrony_or_ntp">
@@ -219,9 +235,9 @@
             <cpe-lang:fact-ref name="cpe:/a:machine"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sudo">
+        <cpe-lang:platform id="gdm">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="machine">
@@ -229,35 +245,19 @@
             <cpe-lang:fact-ref name="cpe:/a:machine"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="s390x_arch">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="chrony_or_ntp">
-          <cpe-lang:logical-test operator="OR" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
         <cpe-lang:platform id="usbguard">
           <cpe-lang:logical-test operator="AND" negate="false">
             <cpe-lang:fact-ref name="cpe:/a:usbguard"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="login_defs">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="systemd">
+        <cpe-lang:platform id="sudo">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:systemd"/>
+            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="ntp">
+        <cpe-lang:platform id="s390x_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="not_s390x_arch">
@@ -265,9 +265,9 @@
             <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="gdm">
+        <cpe-lang:platform id="non-uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
+            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
       </cpe-lang:platform-specification>
@@ -7495,7 +7495,8 @@
 access when the system is rebooted.</xccdf-1.2:rationale>
               <xccdf-1.2:platform idref="#machine"/>
               <xccdf-1.2:ident system="https://nvd.nist.gov/cce/index.cfm">CCE-82496-1</xccdf-1.2:ident>
-              <xccdf-1.2:fix system="urn:xccdf:fix:script:ignition" id="service_debug-shell_disabled" complexity="low" disruption="medium" reboot="true" strategy="disable">apiVersion: machineconfiguration.openshift.io/v1
+              <xccdf-1.2:fix system="urn:xccdf:fix:script:kubernetes" id="service_debug-shell_disabled">---
+apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
   config:
@@ -7503,15 +7504,10 @@
       version: 3.1.0
     systemd:
       units:
-      - name: debug-shell.service
-        enabled: false
-        mask: true
-      - name: debug-shell.socket
-        enabled: false
-        mask: true
+      - enabled: false
+        name: debug-shell.service
 </xccdf-1.2:fix>
-              <xccdf-1.2:fix system="urn:xccdf:fix:script:kubernetes" id="service_debug-shell_disabled">---
-apiVersion: machineconfiguration.openshift.io/v1
+              <xccdf-1.2:fix system="urn:xccdf:fix:script:ignition" id="service_debug-shell_disabled" complexity="low" disruption="medium" reboot="true" strategy="disable">apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
   config:
@@ -7519,8 +7515,12 @@
       version: 3.1.0
     systemd:
       units:
-      - enabled: false
-        name: debug-shell.service
+      - name: debug-shell.service
+        enabled: false
+        mask: true
+      - name: debug-shell.socket
/usr/share/xml/scap/ssg/content/ssg-rhcos4-ocil.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-rhcos4-ocil.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-rhcos4-ocil.xml	2022-07-15 00:00:00.000000000 +0000
@@ -7,22 +7,16 @@
     <ocil:timestamp>2022-07-15T00:00:00</ocil:timestamp>
   </ocil:generator>
   <ocil:questionnaires>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_file_deletion_events_rename_ocil:questionnaire:1">
-      <ocil:title>Ensure auditd Collects File Deletion Events by User - rename</ocil:title>
-      <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-audit_rules_file_deletion_events_rename_action:testaction:1</ocil:test_action_ref>
-      </ocil:actions>
-    </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sysctl_net_ipv4_conf_all_accept_local_ocil:questionnaire:1">
-      <ocil:title>Disable Accepting Packets Routed Between Local Interfaces</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sudo_remove_nopasswd_ocil:questionnaire:1">
+      <ocil:title>Ensure Users Re-Authenticate for Privilege Escalation - sudo NOPASSWD</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_accept_local_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sudo_remove_nopasswd_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-auditd_data_disk_error_action_ocil:questionnaire:1">
-      <ocil:title>Configure auditd Disk Error Action on Disk Error</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sshd_disable_pubkey_auth_ocil:questionnaire:1">
+      <ocil:title>Disable PubkeyAuthentication Authentication</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-auditd_data_disk_error_action_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sshd_disable_pubkey_auth_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
     <ocil:questionnaire id="ocil:ssg-mount_option_var_tmp_noexec_ocil:questionnaire:1">
@@ -31,454 +25,448 @@
         <ocil:test_action_ref>ocil:ssg-mount_option_var_tmp_noexec_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sysctl_net_ipv4_conf_all_accept_source_route_ocil:questionnaire:1">
-      <ocil:title>Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces</ocil:title>
-      <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_accept_source_route_action:testaction:1</ocil:test_action_ref>
-      </ocil:actions>
-    </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-directory_access_var_log_audit_ocil:questionnaire:1">
-      <ocil:title>Record Access Events to Audit Log Directory</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-package_sudo_installed_ocil:questionnaire:1">
+      <ocil:title>Install sudo Package</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-directory_access_var_log_audit_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-package_sudo_installed_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-auditd_data_retention_action_mail_acct_ocil:questionnaire:1">
-      <ocil:title>Configure auditd mail_acct Action on Low Disk Space</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-accounts_password_all_shadowed_ocil:questionnaire:1">
+      <ocil:title>Verify All Account Password Hashes are Shadowed</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-auditd_data_retention_action_mail_acct_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-accounts_password_all_shadowed_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-auditd_data_retention_space_left_ocil:questionnaire:1">
-      <ocil:title>Configure auditd space_left on Low Disk Space</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-kernel_config_unmap_kernel_at_el0_ocil:questionnaire:1">
+      <ocil:title>Unmap kernel when running in userspace (aka KAISER)</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-auditd_data_retention_space_left_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-kernel_config_unmap_kernel_at_el0_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-rsyslog_encrypt_offload_actionsendstreamdriverauthmode_ocil:questionnaire:1">
-      <ocil:title>Ensure Rsyslog Authenticates Off-Loaded Audit Records</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-kernel_config_module_sig_force_ocil:questionnaire:1">
+      <ocil:title>Require modules to be validly signed</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-rsyslog_encrypt_offload_actionsendstreamdriverauthmode_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-kernel_config_module_sig_force_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-file_owner_etc_group_ocil:questionnaire:1">
-      <ocil:title>Verify User Who Owns group File</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-require_singleuser_auth_ocil:questionnaire:1">
+      <ocil:title>Require Authentication for Single User Mode</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-file_owner_etc_group_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-require_singleuser_auth_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-no_password_auth_for_systemaccounts_ocil:questionnaire:1">
-      <ocil:title>Ensure that System Accounts Are Locked</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-audit_rules_etc_gshadow_open_ocil:questionnaire:1">
+      <ocil:title>Record Events that Modify User/Group Information via open syscall - /etc/gshadow</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-no_password_auth_for_systemaccounts_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-audit_rules_etc_gshadow_open_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_privileged_commands_unix_chkpwd_ocil:questionnaire:1">
-      <ocil:title>Ensure auditd Collects Information on the Use of Privileged Commands - unix_chkpwd</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-file_permissions_sshd_private_key_ocil:questionnaire:1">
+      <ocil:title>Verify Permissions on SSH Server Private *_key Key Files</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-audit_rules_privileged_commands_unix_chkpwd_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-file_permissions_sshd_private_key_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-file_permissions_backup_etc_passwd_ocil:questionnaire:1">
-      <ocil:title>Verify Permissions on Backup passwd File</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-harden_ssh_client_crypto_policy_ocil:questionnaire:1">
+      <ocil:title>Harden SSH client Crypto Policy</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-file_permissions_backup_etc_passwd_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-harden_ssh_client_crypto_policy_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_mac_modification_ocil:questionnaire:1">
-      <ocil:title>Record Events that Modify the System's Mandatory Access Controls</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-accounts_no_uid_except_zero_ocil:questionnaire:1">
+      <ocil:title>Verify Only Root Has UID 0</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-audit_rules_mac_modification_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-accounts_no_uid_except_zero_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sshd_disable_compression_ocil:questionnaire:1">
-      <ocil:title>Disable Compression Or Set Compression to delayed</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-coreos_enable_selinux_kernel_argument_ocil:questionnaire:1">
+      <ocil:title>Ensure SELinux Not Disabled in the kernel arguments</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sshd_disable_compression_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-coreos_enable_selinux_kernel_argument_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-file_owner_var_log_ocil:questionnaire:1">
-      <ocil:title>Verify User Who Owns /var/log Directory</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-auditd_audispd_encrypt_sent_records_ocil:questionnaire:1">
+      <ocil:title>Encrypt Audit Records Sent With audispd Plugin</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-file_owner_var_log_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-auditd_audispd_encrypt_sent_records_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-kernel_config_module_sig_sha512_ocil:questionnaire:1">
-      <ocil:title>Sign kernel modules with SHA-512</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-file_groupowner_sshd_config_ocil:questionnaire:1">
+      <ocil:title>Verify Group Who Owns SSH Server config file</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-kernel_config_module_sig_sha512_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-file_groupowner_sshd_config_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sshd_allow_only_protocol2_ocil:questionnaire:1">
-      <ocil:title>Allow Only SSH Protocol 2</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-mount_option_var_log_nosuid_ocil:questionnaire:1">
+      <ocil:title>Add nosuid Option to /var/log</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sshd_allow_only_protocol2_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-mount_option_var_log_nosuid_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_unsuccessful_file_modification_creat_ocil:questionnaire:1">
-      <ocil:title>Record Unsuccessful Access Attempts to Files - creat</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-audit_rules_kernel_module_loading_delete_ocil:questionnaire:1">
+      <ocil:title>Ensure auditd Collects Information on Kernel Module Unloading - delete_module</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-audit_rules_unsuccessful_file_modification_creat_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-audit_rules_kernel_module_loading_delete_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sysctl_net_ipv4_conf_all_send_redirects_ocil:questionnaire:1">
-      <ocil:title>Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-audit_rules_dac_modification_fchownat_ocil:questionnaire:1">
+      <ocil:title>Record Events that Modify the System's Discretionary Access Controls - fchownat</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_send_redirects_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_fchownat_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-coreos_page_poison_kernel_argument_ocil:questionnaire:1">
-      <ocil:title>Enable page allocator poisoning</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-directory_access_var_log_audit_ocil:questionnaire:1">
+      <ocil:title>Record Access Events to Audit Log Directory</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-coreos_page_poison_kernel_argument_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-directory_access_var_log_audit_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-package_syslogng_installed_ocil:questionnaire:1">
-      <ocil:title>Ensure syslog-ng is Installed</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sshd_enable_strictmodes_ocil:questionnaire:1">
+      <ocil:title>Enable Use of Strict Mode Checking</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-package_syslogng_installed_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sshd_enable_strictmodes_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-kernel_config_module_sig_hash_ocil:questionnaire:1">
-      <ocil:title>Specify the hash to use when signing modules</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-auditd_data_retention_max_log_file_action_ocil:questionnaire:1">
+      <ocil:title>Configure auditd max_log_file_action Upon Reaching Maximum Log Size</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-kernel_config_module_sig_hash_action:testaction:1</ocil:test_action_ref>
/usr/share/xml/scap/ssg/content/ssg-rhcos4-xccdf.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-rhcos4-xccdf.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-rhcos4-xccdf.xml	2022-07-15 00:00:00.000000000 +0000
@@ -43,19 +43,24 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.1:rear-matter>
   <cpe-lang:platform-specification>
-    <cpe-lang:platform id="audit">
+    <cpe-lang:platform id="uefi">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:audit"/>
+        <cpe-lang:fact-ref name="cpe:/a:uefi"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="pam">
+    <cpe-lang:platform id="systemd">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:pam"/>
+        <cpe-lang:fact-ref name="cpe:/a:systemd"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="sssd">
+    <cpe-lang:platform id="grub2">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+        <cpe-lang:fact-ref name="cpe:/a:grub2"/>
+      </cpe-lang:logical-test>
+    </cpe-lang:platform>
+    <cpe-lang:platform id="aarch64_arch">
+      <cpe-lang:logical-test operator="AND" negate="false">
+        <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="polkit">
@@ -63,29 +68,30 @@
         <cpe-lang:fact-ref name="cpe:/a:polkit"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="grub2">
+    <cpe-lang:platform id="chrony">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:grub2"/>
+        <cpe-lang:fact-ref name="cpe:/a:chrony"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="wifi-iface">
+    <cpe-lang:platform id="login_defs">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
+        <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="aarch64_arch">
+    <cpe-lang:platform id="sssd">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
+        <cpe-lang:fact-ref name="cpe:/a:sssd"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="non-uefi">
-      <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+    <cpe-lang:platform id="chrony_or_ntp">
+      <cpe-lang:logical-test operator="OR" negate="false">
+        <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+        <cpe-lang:fact-ref name="cpe:/a:ntp"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="chrony">
+    <cpe-lang:platform id="wifi-iface">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+        <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="postfix">
@@ -93,9 +99,19 @@
         <cpe-lang:fact-ref name="cpe:/a:postfix"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="uefi">
+    <cpe-lang:platform id="ntp">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+        <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+      </cpe-lang:logical-test>
+    </cpe-lang:platform>
+    <cpe-lang:platform id="pam">
+      <cpe-lang:logical-test operator="AND" negate="false">
+        <cpe-lang:fact-ref name="cpe:/a:pam"/>
+      </cpe-lang:logical-test>
+    </cpe-lang:platform>
+    <cpe-lang:platform id="audit">
+      <cpe-lang:logical-test operator="AND" negate="false">
+        <cpe-lang:fact-ref name="cpe:/a:audit"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="machine_and_chrony_or_ntp">
@@ -107,9 +123,9 @@
         <cpe-lang:fact-ref name="cpe:/a:machine"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="sudo">
+    <cpe-lang:platform id="gdm">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+        <cpe-lang:fact-ref name="cpe:/a:gdm"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="machine">
@@ -117,35 +133,19 @@
         <cpe-lang:fact-ref name="cpe:/a:machine"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="s390x_arch">
-      <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
-      </cpe-lang:logical-test>
-    </cpe-lang:platform>
-    <cpe-lang:platform id="chrony_or_ntp">
-      <cpe-lang:logical-test operator="OR" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:chrony"/>
-        <cpe-lang:fact-ref name="cpe:/a:ntp"/>
-      </cpe-lang:logical-test>
-    </cpe-lang:platform>
     <cpe-lang:platform id="usbguard">
       <cpe-lang:logical-test operator="AND" negate="false">
         <cpe-lang:fact-ref name="cpe:/a:usbguard"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="login_defs">
-      <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
-      </cpe-lang:logical-test>
-    </cpe-lang:platform>
-    <cpe-lang:platform id="systemd">
+    <cpe-lang:platform id="sudo">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:systemd"/>
+        <cpe-lang:fact-ref name="cpe:/a:sudo"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="ntp">
+    <cpe-lang:platform id="s390x_arch">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+        <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="not_s390x_arch">
@@ -153,9 +153,9 @@
         <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="gdm">
+    <cpe-lang:platform id="non-uefi">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:gdm"/>
+        <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
   </cpe-lang:platform-specification>
@@ -7383,7 +7383,8 @@
 access when the system is rebooted.</xccdf-1.1:rationale>
           <xccdf-1.1:platform idref="#machine"/>
           <xccdf-1.1:ident system="https://nvd.nist.gov/cce/index.cfm">CCE-82496-1</xccdf-1.1:ident>
-          <xccdf-1.1:fix system="urn:xccdf:fix:script:ignition" id="service_debug-shell_disabled" complexity="low" disruption="medium" reboot="true" strategy="disable">apiVersion: machineconfiguration.openshift.io/v1
+          <xccdf-1.1:fix system="urn:xccdf:fix:script:kubernetes" id="service_debug-shell_disabled">---
+apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
   config:
@@ -7391,15 +7392,10 @@
       version: 3.1.0
     systemd:
       units:
-      - name: debug-shell.service
-        enabled: false
-        mask: true
-      - name: debug-shell.socket
-        enabled: false
-        mask: true
+      - enabled: false
+        name: debug-shell.service
 </xccdf-1.1:fix>
-          <xccdf-1.1:fix system="urn:xccdf:fix:script:kubernetes" id="service_debug-shell_disabled">---
-apiVersion: machineconfiguration.openshift.io/v1
+          <xccdf-1.1:fix system="urn:xccdf:fix:script:ignition" id="service_debug-shell_disabled" complexity="low" disruption="medium" reboot="true" strategy="disable">apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
   config:
@@ -7407,8 +7403,12 @@
       version: 3.1.0
     systemd:
       units:
-      - enabled: false
-        name: debug-shell.service
+      - name: debug-shell.service
+        enabled: false
+        mask: true
+      - name: debug-shell.socket
/usr/share/xml/scap/ssg/content/ssg-rhel7-ds-1.2.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-rhel7-ds-1.2.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-rhel7-ds-1.2.xml	2022-07-15 00:00:00.000000000 +0000
@@ -191,14 +191,19 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.2:rear-matter>
       <cpe-lang:platform-specification>
-        <cpe-lang:platform id="audit">
+        <cpe-lang:platform id="uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:audit"/>
+            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="pam">
+        <cpe-lang:platform id="systemd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:pam"/>
+            <cpe-lang:fact-ref name="cpe:/a:systemd"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="grub2">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="yum">
@@ -206,29 +211,40 @@
             <cpe-lang:fact-ref name="cpe:/a:yum"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="tftp-server">
+        <cpe-lang:platform id="aarch64_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:tftp-server"/>
+            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sssd">
+        <cpe-lang:platform id="polkit">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+            <cpe-lang:fact-ref name="cpe:/a:polkit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="nss-pam-ldapd">
+        <cpe-lang:platform id="chrony">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:nss-pam-ldapd"/>
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="polkit">
+        <cpe-lang:platform id="libuser">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:polkit"/>
+            <cpe-lang:fact-ref name="cpe:/a:libuser"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="grub2">
+        <cpe-lang:platform id="login_defs">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
+            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="sssd">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="chrony_or_ntp">
+          <cpe-lang:logical-test operator="OR" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="wifi-iface">
@@ -236,34 +252,34 @@
             <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sssd-ldap">
+        <cpe-lang:platform id="postfix">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sssd-ldap"/>
+            <cpe-lang:fact-ref name="cpe:/a:postfix"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="aarch64_arch">
+        <cpe-lang:platform id="nss-pam-ldapd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:nss-pam-ldapd"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="non-uefi">
+        <cpe-lang:platform id="ntp">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="chrony">
+        <cpe-lang:platform id="sssd-ldap">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:sssd-ldap"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="postfix">
+        <cpe-lang:platform id="pam">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:postfix"/>
+            <cpe-lang:fact-ref name="cpe:/a:pam"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="uefi">
+        <cpe-lang:platform id="audit">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:audit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="machine_and_chrony_or_ntp">
@@ -275,14 +291,9 @@
             <cpe-lang:fact-ref name="cpe:/a:machine"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="libuser">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:libuser"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="sudo">
+        <cpe-lang:platform id="gdm">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="machine">
@@ -290,20 +301,9 @@
             <cpe-lang:fact-ref name="cpe:/a:machine"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="s390x_arch">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="chrony_or_ntp">
-          <cpe-lang:logical-test operator="OR" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="login_defs">
+        <cpe-lang:platform id="sudo">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="net-snmp">
@@ -311,24 +311,24 @@
             <cpe-lang:fact-ref name="cpe:/a:net-snmp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="systemd">
+        <cpe-lang:platform id="s390x_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:systemd"/>
+            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="ntp">
+        <cpe-lang:platform id="not_s390x_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+            <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="not_s390x_arch">
+        <cpe-lang:platform id="tftp-server">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:tftp-server"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="gdm">
+        <cpe-lang:platform id="non-uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
+            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
       </cpe-lang:platform-specification>
@@ -10424,11 +10424,6 @@
                   <xccdf-1.2:fix system="urn:redhat:anaconda:pre" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
 package --add=aide
/usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml	2022-07-15 00:00:00.000000000 +0000
@@ -193,14 +193,19 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.2:rear-matter>
       <cpe-lang:platform-specification>
-        <cpe-lang:platform id="audit">
+        <cpe-lang:platform id="uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:audit"/>
+            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="pam">
+        <cpe-lang:platform id="systemd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:pam"/>
+            <cpe-lang:fact-ref name="cpe:/a:systemd"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="grub2">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="yum">
@@ -208,29 +213,40 @@
             <cpe-lang:fact-ref name="cpe:/a:yum"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="tftp-server">
+        <cpe-lang:platform id="aarch64_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:tftp-server"/>
+            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sssd">
+        <cpe-lang:platform id="polkit">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+            <cpe-lang:fact-ref name="cpe:/a:polkit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="nss-pam-ldapd">
+        <cpe-lang:platform id="chrony">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:nss-pam-ldapd"/>
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="polkit">
+        <cpe-lang:platform id="libuser">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:polkit"/>
+            <cpe-lang:fact-ref name="cpe:/a:libuser"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="grub2">
+        <cpe-lang:platform id="login_defs">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
+            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="sssd">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="chrony_or_ntp">
+          <cpe-lang:logical-test operator="OR" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="wifi-iface">
@@ -238,34 +254,34 @@
             <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sssd-ldap">
+        <cpe-lang:platform id="postfix">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sssd-ldap"/>
+            <cpe-lang:fact-ref name="cpe:/a:postfix"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="aarch64_arch">
+        <cpe-lang:platform id="nss-pam-ldapd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:nss-pam-ldapd"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="non-uefi">
+        <cpe-lang:platform id="ntp">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="chrony">
+        <cpe-lang:platform id="sssd-ldap">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:sssd-ldap"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="postfix">
+        <cpe-lang:platform id="pam">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:postfix"/>
+            <cpe-lang:fact-ref name="cpe:/a:pam"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="uefi">
+        <cpe-lang:platform id="audit">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:audit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="machine_and_chrony_or_ntp">
@@ -277,14 +293,9 @@
             <cpe-lang:fact-ref name="cpe:/a:machine"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="libuser">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:libuser"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="sudo">
+        <cpe-lang:platform id="gdm">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="machine">
@@ -292,20 +303,9 @@
             <cpe-lang:fact-ref name="cpe:/a:machine"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="s390x_arch">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="chrony_or_ntp">
-          <cpe-lang:logical-test operator="OR" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="login_defs">
+        <cpe-lang:platform id="sudo">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="net-snmp">
@@ -313,24 +313,24 @@
             <cpe-lang:fact-ref name="cpe:/a:net-snmp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="systemd">
+        <cpe-lang:platform id="s390x_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:systemd"/>
+            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="ntp">
+        <cpe-lang:platform id="not_s390x_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+            <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="not_s390x_arch">
+        <cpe-lang:platform id="tftp-server">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:tftp-server"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="gdm">
+        <cpe-lang:platform id="non-uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
+            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
       </cpe-lang:platform-specification>
@@ -10426,11 +10426,6 @@
                   <xccdf-1.2:fix system="urn:redhat:anaconda:pre" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
 package --add=aide
/usr/share/xml/scap/ssg/content/ssg-rhel7-ocil.xml differs (XML 1.0 document, ASCII text)
--- old//usr/share/xml/scap/ssg/content/ssg-rhel7-ocil.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-rhel7-ocil.xml	2022-07-15 00:00:00.000000000 +0000
@@ -7,1480 +7,1480 @@
     <ocil:timestamp>2022-07-15T00:00:00</ocil:timestamp>
   </ocil:generator>
   <ocil:questionnaires>
-    <ocil:questionnaire id="ocil:ssg-sebool_logging_syslogd_can_sendmail_ocil:questionnaire:1">
-      <ocil:title>Disable the logging_syslogd_can_sendmail SELinux Boolean</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-dconf_gnome_screensaver_idle_activation_locked_ocil:questionnaire:1">
+      <ocil:title>Ensure Users Cannot Change GNOME3 Screensaver Idle Activation</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sebool_logging_syslogd_can_sendmail_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-dconf_gnome_screensaver_idle_activation_locked_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_file_deletion_events_rename_ocil:questionnaire:1">
-      <ocil:title>Ensure auditd Collects File Deletion Events by User - rename</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sudo_remove_nopasswd_ocil:questionnaire:1">
+      <ocil:title>Ensure Users Re-Authenticate for Privilege Escalation - sudo NOPASSWD</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-audit_rules_file_deletion_events_rename_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sudo_remove_nopasswd_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sysctl_net_ipv4_conf_all_accept_local_ocil:questionnaire:1">
-      <ocil:title>Disable Accepting Packets Routed Between Local Interfaces</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sshd_disable_pubkey_auth_ocil:questionnaire:1">
+      <ocil:title>Disable PubkeyAuthentication Authentication</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_accept_local_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sshd_disable_pubkey_auth_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sebool_postfix_local_write_mail_spool_ocil:questionnaire:1">
-      <ocil:title>Enable the postfix_local_write_mail_spool SELinux Boolean</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sebool_virt_use_nfs_ocil:questionnaire:1">
+      <ocil:title>Disable the virt_use_nfs SELinux Boolean</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sebool_postfix_local_write_mail_spool_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sebool_virt_use_nfs_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-auditd_data_disk_error_action_ocil:questionnaire:1">
-      <ocil:title>Configure auditd Disk Error Action on Disk Error</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sebool_domain_kernel_load_modules_ocil:questionnaire:1">
+      <ocil:title>Disable the domain_kernel_load_modules SELinux Boolean</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-auditd_data_disk_error_action_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sebool_domain_kernel_load_modules_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-configure_firewalld_rate_limiting_ocil:questionnaire:1">
-      <ocil:title>Configure firewalld To Rate Limit Connections</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-mount_option_var_tmp_noexec_ocil:questionnaire:1">
+      <ocil:title>Add noexec Option to /var/tmp</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-configure_firewalld_rate_limiting_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-mount_option_var_tmp_noexec_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sebool_xserver_execmem_ocil:questionnaire:1">
-      <ocil:title>Disable the xserver_execmem SELinux Boolean</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sebool_rsync_full_access_ocil:questionnaire:1">
+      <ocil:title>Disable the rsync_full_access SELinux Boolean</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sebool_xserver_execmem_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sebool_rsync_full_access_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-require_emergency_target_auth_ocil:questionnaire:1">
-      <ocil:title>Require Authentication for Emergency Systemd Target</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-package_sudo_installed_ocil:questionnaire:1">
+      <ocil:title>Install sudo Package</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-require_emergency_target_auth_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-package_sudo_installed_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-package_pcsc-lite_installed_ocil:questionnaire:1">
-      <ocil:title>Install the pcsc-lite package</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-accounts_password_all_shadowed_ocil:questionnaire:1">
+      <ocil:title>Verify All Account Password Hashes are Shadowed</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-package_pcsc-lite_installed_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-accounts_password_all_shadowed_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-mount_option_var_tmp_noexec_ocil:questionnaire:1">
-      <ocil:title>Add noexec Option to /var/tmp</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-kernel_config_unmap_kernel_at_el0_ocil:questionnaire:1">
+      <ocil:title>Unmap kernel when running in userspace (aka KAISER)</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-mount_option_var_tmp_noexec_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-kernel_config_unmap_kernel_at_el0_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sshd_x11_use_localhost_ocil:questionnaire:1">
-      <ocil:title>Prevent remote hosts from connecting to the proxy display</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sebool_nfsd_anon_write_ocil:questionnaire:1">
+      <ocil:title>Disable the nfsd_anon_write SELinux Boolean</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sshd_x11_use_localhost_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sebool_nfsd_anon_write_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-accounts_password_pam_pwhistory_remember_system_auth_ocil:questionnaire:1">
-      <ocil:title>Limit Password Reuse: system-auth</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-install_mcafee_hbss_accm_ocil:questionnaire:1">
+      <ocil:title>Install the Asset Configuration Compliance Module (ACCM)</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-accounts_password_pam_pwhistory_remember_system_auth_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-install_mcafee_hbss_accm_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-libreswan_approved_tunnels_ocil:questionnaire:1">
-      <ocil:title>Verify Any Configured IPSec Tunnel Connections</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-package_samba_removed_ocil:questionnaire:1">
+      <ocil:title>Uninstall Samba Package</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-libreswan_approved_tunnels_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-package_samba_removed_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sysctl_net_ipv4_conf_all_accept_source_route_ocil:questionnaire:1">
-      <ocil:title>Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-kernel_config_module_sig_force_ocil:questionnaire:1">
+      <ocil:title>Require modules to be validly signed</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_accept_source_route_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-kernel_config_module_sig_force_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-directory_access_var_log_audit_ocil:questionnaire:1">
-      <ocil:title>Record Access Events to Audit Log Directory</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-require_singleuser_auth_ocil:questionnaire:1">
+      <ocil:title>Require Authentication for Single User Mode</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-directory_access_var_log_audit_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-require_singleuser_auth_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-auditd_data_retention_action_mail_acct_ocil:questionnaire:1">
-      <ocil:title>Configure auditd mail_acct Action on Low Disk Space</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-audit_rules_etc_gshadow_open_ocil:questionnaire:1">
+      <ocil:title>Record Events that Modify User/Group Information via open syscall - /etc/gshadow</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-auditd_data_retention_action_mail_acct_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-audit_rules_etc_gshadow_open_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-auditd_data_retention_space_left_ocil:questionnaire:1">
-      <ocil:title>Configure auditd space_left on Low Disk Space</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sebool_samba_share_fusefs_ocil:questionnaire:1">
+      <ocil:title>Disable the samba_share_fusefs SELinux Boolean</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-auditd_data_retention_space_left_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sebool_samba_share_fusefs_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-rsyslog_encrypt_offload_actionsendstreamdriverauthmode_ocil:questionnaire:1">
-      <ocil:title>Ensure Rsyslog Authenticates Off-Loaded Audit Records</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sudo_restrict_privilege_elevation_to_authorized_ocil:questionnaire:1">
+      <ocil:title>The operating system must restrict privilege elevation to authorized personnel</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-rsyslog_encrypt_offload_actionsendstreamdriverauthmode_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sudo_restrict_privilege_elevation_to_authorized_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-file_owner_etc_group_ocil:questionnaire:1">
-      <ocil:title>Verify User Who Owns group File</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sebool_daemons_use_tcp_wrapper_ocil:questionnaire:1">
+      <ocil:title>Disable the daemons_use_tcp_wrapper SELinux Boolean</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-file_owner_etc_group_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sebool_daemons_use_tcp_wrapper_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-kernel_config_refcount_full_ocil:questionnaire:1">
-      <ocil:title>Perform full reference count validation</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-file_permissions_sshd_private_key_ocil:questionnaire:1">
+      <ocil:title>Verify Permissions on SSH Server Private *_key Key Files</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-kernel_config_refcount_full_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-file_permissions_sshd_private_key_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-no_password_auth_for_systemaccounts_ocil:questionnaire:1">
-      <ocil:title>Ensure that System Accounts Are Locked</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-harden_ssh_client_crypto_policy_ocil:questionnaire:1">
+      <ocil:title>Harden SSH client Crypto Policy</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-no_password_auth_for_systemaccounts_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-harden_ssh_client_crypto_policy_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_privileged_commands_unix_chkpwd_ocil:questionnaire:1">
-      <ocil:title>Ensure auditd Collects Information on the Use of Privileged Commands - unix_chkpwd</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sebool_fenced_can_ssh_ocil:questionnaire:1">
+      <ocil:title>Disable the fenced_can_ssh SELinux Boolean</ocil:title>
       <ocil:actions>
/usr/share/xml/scap/ssg/content/ssg-rhel7-xccdf.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-rhel7-xccdf.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-rhel7-xccdf.xml	2022-07-15 00:00:00.000000000 +0000
@@ -43,14 +43,19 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.1:rear-matter>
   <cpe-lang:platform-specification>
-    <cpe-lang:platform id="audit">
+    <cpe-lang:platform id="uefi">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:audit"/>
+        <cpe-lang:fact-ref name="cpe:/a:uefi"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="pam">
+    <cpe-lang:platform id="systemd">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:pam"/>
+        <cpe-lang:fact-ref name="cpe:/a:systemd"/>
+      </cpe-lang:logical-test>
+    </cpe-lang:platform>
+    <cpe-lang:platform id="grub2">
+      <cpe-lang:logical-test operator="AND" negate="false">
+        <cpe-lang:fact-ref name="cpe:/a:grub2"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="yum">
@@ -58,29 +63,40 @@
         <cpe-lang:fact-ref name="cpe:/a:yum"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="tftp-server">
+    <cpe-lang:platform id="aarch64_arch">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:tftp-server"/>
+        <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="sssd">
+    <cpe-lang:platform id="polkit">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+        <cpe-lang:fact-ref name="cpe:/a:polkit"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="nss-pam-ldapd">
+    <cpe-lang:platform id="chrony">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:nss-pam-ldapd"/>
+        <cpe-lang:fact-ref name="cpe:/a:chrony"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="polkit">
+    <cpe-lang:platform id="libuser">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:polkit"/>
+        <cpe-lang:fact-ref name="cpe:/a:libuser"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="grub2">
+    <cpe-lang:platform id="login_defs">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:grub2"/>
+        <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+      </cpe-lang:logical-test>
+    </cpe-lang:platform>
+    <cpe-lang:platform id="sssd">
+      <cpe-lang:logical-test operator="AND" negate="false">
+        <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+      </cpe-lang:logical-test>
+    </cpe-lang:platform>
+    <cpe-lang:platform id="chrony_or_ntp">
+      <cpe-lang:logical-test operator="OR" negate="false">
+        <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+        <cpe-lang:fact-ref name="cpe:/a:ntp"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="wifi-iface">
@@ -88,34 +104,34 @@
         <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="sssd-ldap">
+    <cpe-lang:platform id="postfix">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:sssd-ldap"/>
+        <cpe-lang:fact-ref name="cpe:/a:postfix"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="aarch64_arch">
+    <cpe-lang:platform id="nss-pam-ldapd">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
+        <cpe-lang:fact-ref name="cpe:/a:nss-pam-ldapd"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="non-uefi">
+    <cpe-lang:platform id="ntp">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+        <cpe-lang:fact-ref name="cpe:/a:ntp"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="chrony">
+    <cpe-lang:platform id="sssd-ldap">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+        <cpe-lang:fact-ref name="cpe:/a:sssd-ldap"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="postfix">
+    <cpe-lang:platform id="pam">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:postfix"/>
+        <cpe-lang:fact-ref name="cpe:/a:pam"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="uefi">
+    <cpe-lang:platform id="audit">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+        <cpe-lang:fact-ref name="cpe:/a:audit"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="machine_and_chrony_or_ntp">
@@ -127,14 +143,9 @@
         <cpe-lang:fact-ref name="cpe:/a:machine"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="libuser">
-      <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:libuser"/>
-      </cpe-lang:logical-test>
-    </cpe-lang:platform>
-    <cpe-lang:platform id="sudo">
+    <cpe-lang:platform id="gdm">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+        <cpe-lang:fact-ref name="cpe:/a:gdm"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="machine">
@@ -142,20 +153,9 @@
         <cpe-lang:fact-ref name="cpe:/a:machine"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="s390x_arch">
-      <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
-      </cpe-lang:logical-test>
-    </cpe-lang:platform>
-    <cpe-lang:platform id="chrony_or_ntp">
-      <cpe-lang:logical-test operator="OR" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:chrony"/>
-        <cpe-lang:fact-ref name="cpe:/a:ntp"/>
-      </cpe-lang:logical-test>
-    </cpe-lang:platform>
-    <cpe-lang:platform id="login_defs">
+    <cpe-lang:platform id="sudo">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+        <cpe-lang:fact-ref name="cpe:/a:sudo"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="net-snmp">
@@ -163,24 +163,24 @@
         <cpe-lang:fact-ref name="cpe:/a:net-snmp"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="systemd">
+    <cpe-lang:platform id="s390x_arch">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:systemd"/>
+        <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="ntp">
+    <cpe-lang:platform id="not_s390x_arch">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+        <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="not_s390x_arch">
+    <cpe-lang:platform id="tftp-server">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
+        <cpe-lang:fact-ref name="cpe:/a:tftp-server"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="gdm">
+    <cpe-lang:platform id="non-uefi">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:gdm"/>
+        <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
   </cpe-lang:platform-specification>
@@ -10276,11 +10276,6 @@
               <xccdf-1.1:fix system="urn:redhat:anaconda:pre" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
 package --add=aide
/usr/share/xml/scap/ssg/content/ssg-rhel8-ds-1.2.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-rhel8-ds-1.2.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-rhel8-ds-1.2.xml	2022-07-15 00:00:00.000000000 +0000
@@ -227,14 +227,19 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.2:rear-matter>
       <cpe-lang:platform-specification>
-        <cpe-lang:platform id="audit">
+        <cpe-lang:platform id="uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:audit"/>
+            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="pam">
+        <cpe-lang:platform id="systemd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:pam"/>
+            <cpe-lang:fact-ref name="cpe:/a:systemd"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="grub2">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="yum">
@@ -242,69 +247,75 @@
             <cpe-lang:fact-ref name="cpe:/a:yum"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="tftp-server">
+        <cpe-lang:platform id="aarch64_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:tftp-server"/>
+            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sssd">
+        <cpe-lang:platform id="polkit">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+            <cpe-lang:fact-ref name="cpe:/a:polkit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="nss-pam-ldapd">
+        <cpe-lang:platform id="chrony">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:nss-pam-ldapd"/>
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="polkit">
+        <cpe-lang:platform id="libuser">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:polkit"/>
+            <cpe-lang:fact-ref name="cpe:/a:libuser"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="grub2">
+        <cpe-lang:platform id="login_defs">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
+            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="wifi-iface">
+        <cpe-lang:platform id="sssd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
+            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sssd-ldap">
+        <cpe-lang:platform id="chrony_or_ntp">
+          <cpe-lang:logical-test operator="OR" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="wifi-iface">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sssd-ldap"/>
+            <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="aarch64_arch">
+        <cpe-lang:platform id="postfix">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:postfix"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="no_ovirt">
+        <cpe-lang:platform id="nss-pam-ldapd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:no_ovirt"/>
+            <cpe-lang:fact-ref name="cpe:/a:nss-pam-ldapd"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="non-uefi">
+        <cpe-lang:platform id="ntp">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="chrony">
+        <cpe-lang:platform id="sssd-ldap">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:sssd-ldap"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="postfix">
+        <cpe-lang:platform id="pam">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:postfix"/>
+            <cpe-lang:fact-ref name="cpe:/a:pam"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="uefi">
+        <cpe-lang:platform id="audit">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:audit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="machine_and_chrony_or_ntp">
@@ -316,14 +327,14 @@
             <cpe-lang:fact-ref name="cpe:/a:machine"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="libuser">
+        <cpe-lang:platform id="no_ovirt">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:libuser"/>
+            <cpe-lang:fact-ref name="cpe:/a:no_ovirt"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sudo">
+        <cpe-lang:platform id="gdm">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="machine">
@@ -331,25 +342,14 @@
             <cpe-lang:fact-ref name="cpe:/a:machine"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="s390x_arch">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="chrony_or_ntp">
-          <cpe-lang:logical-test operator="OR" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
         <cpe-lang:platform id="usbguard">
           <cpe-lang:logical-test operator="AND" negate="false">
             <cpe-lang:fact-ref name="cpe:/a:usbguard"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="login_defs">
+        <cpe-lang:platform id="sudo">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="net-snmp">
@@ -357,24 +357,24 @@
             <cpe-lang:fact-ref name="cpe:/a:net-snmp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="systemd">
+        <cpe-lang:platform id="s390x_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:systemd"/>
+            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="ntp">
+        <cpe-lang:platform id="not_s390x_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+            <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="not_s390x_arch">
+        <cpe-lang:platform id="tftp-server">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:tftp-server"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
/usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml	2022-07-15 00:00:00.000000000 +0000
@@ -229,14 +229,19 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.2:rear-matter>
       <cpe-lang:platform-specification>
-        <cpe-lang:platform id="audit">
+        <cpe-lang:platform id="uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:audit"/>
+            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="pam">
+        <cpe-lang:platform id="systemd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:pam"/>
+            <cpe-lang:fact-ref name="cpe:/a:systemd"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="grub2">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="yum">
@@ -244,69 +249,75 @@
             <cpe-lang:fact-ref name="cpe:/a:yum"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="tftp-server">
+        <cpe-lang:platform id="aarch64_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:tftp-server"/>
+            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sssd">
+        <cpe-lang:platform id="polkit">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+            <cpe-lang:fact-ref name="cpe:/a:polkit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="nss-pam-ldapd">
+        <cpe-lang:platform id="chrony">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:nss-pam-ldapd"/>
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="polkit">
+        <cpe-lang:platform id="libuser">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:polkit"/>
+            <cpe-lang:fact-ref name="cpe:/a:libuser"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="grub2">
+        <cpe-lang:platform id="login_defs">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
+            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="wifi-iface">
+        <cpe-lang:platform id="sssd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
+            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sssd-ldap">
+        <cpe-lang:platform id="chrony_or_ntp">
+          <cpe-lang:logical-test operator="OR" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="wifi-iface">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sssd-ldap"/>
+            <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="aarch64_arch">
+        <cpe-lang:platform id="postfix">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:postfix"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="no_ovirt">
+        <cpe-lang:platform id="nss-pam-ldapd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:no_ovirt"/>
+            <cpe-lang:fact-ref name="cpe:/a:nss-pam-ldapd"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="non-uefi">
+        <cpe-lang:platform id="ntp">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="chrony">
+        <cpe-lang:platform id="sssd-ldap">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:sssd-ldap"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="postfix">
+        <cpe-lang:platform id="pam">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:postfix"/>
+            <cpe-lang:fact-ref name="cpe:/a:pam"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="uefi">
+        <cpe-lang:platform id="audit">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:audit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="machine_and_chrony_or_ntp">
@@ -318,14 +329,14 @@
             <cpe-lang:fact-ref name="cpe:/a:machine"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="libuser">
+        <cpe-lang:platform id="no_ovirt">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:libuser"/>
+            <cpe-lang:fact-ref name="cpe:/a:no_ovirt"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sudo">
+        <cpe-lang:platform id="gdm">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="machine">
@@ -333,25 +344,14 @@
             <cpe-lang:fact-ref name="cpe:/a:machine"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="s390x_arch">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="chrony_or_ntp">
-          <cpe-lang:logical-test operator="OR" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
         <cpe-lang:platform id="usbguard">
           <cpe-lang:logical-test operator="AND" negate="false">
             <cpe-lang:fact-ref name="cpe:/a:usbguard"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="login_defs">
+        <cpe-lang:platform id="sudo">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="net-snmp">
@@ -359,24 +359,24 @@
             <cpe-lang:fact-ref name="cpe:/a:net-snmp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="systemd">
+        <cpe-lang:platform id="s390x_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:systemd"/>
+            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="ntp">
+        <cpe-lang:platform id="not_s390x_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+            <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="not_s390x_arch">
+        <cpe-lang:platform id="tftp-server">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:tftp-server"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
/usr/share/xml/scap/ssg/content/ssg-rhel8-ocil.xml differs (XML 1.0 document, ASCII text)
--- old//usr/share/xml/scap/ssg/content/ssg-rhel8-ocil.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-rhel8-ocil.xml	2022-07-15 00:00:00.000000000 +0000
@@ -7,58 +7,34 @@
     <ocil:timestamp>2022-07-15T00:00:00</ocil:timestamp>
   </ocil:generator>
   <ocil:questionnaires>
-    <ocil:questionnaire id="ocil:ssg-sebool_logging_syslogd_can_sendmail_ocil:questionnaire:1">
-      <ocil:title>Disable the logging_syslogd_can_sendmail SELinux Boolean</ocil:title>
-      <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sebool_logging_syslogd_can_sendmail_action:testaction:1</ocil:test_action_ref>
-      </ocil:actions>
-    </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_file_deletion_events_rename_ocil:questionnaire:1">
-      <ocil:title>Ensure auditd Collects File Deletion Events by User - rename</ocil:title>
-      <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-audit_rules_file_deletion_events_rename_action:testaction:1</ocil:test_action_ref>
-      </ocil:actions>
-    </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_execution_chacl_ocil:questionnaire:1">
-      <ocil:title>Record Any Attempts to Run chacl</ocil:title>
-      <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-audit_rules_execution_chacl_action:testaction:1</ocil:test_action_ref>
-      </ocil:actions>
-    </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sysctl_net_ipv4_conf_all_accept_local_ocil:questionnaire:1">
-      <ocil:title>Disable Accepting Packets Routed Between Local Interfaces</ocil:title>
-      <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_accept_local_action:testaction:1</ocil:test_action_ref>
-      </ocil:actions>
-    </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sebool_postfix_local_write_mail_spool_ocil:questionnaire:1">
-      <ocil:title>Enable the postfix_local_write_mail_spool SELinux Boolean</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-dconf_gnome_screensaver_idle_activation_locked_ocil:questionnaire:1">
+      <ocil:title>Ensure Users Cannot Change GNOME3 Screensaver Idle Activation</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sebool_postfix_local_write_mail_spool_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-dconf_gnome_screensaver_idle_activation_locked_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-auditd_data_disk_error_action_ocil:questionnaire:1">
-      <ocil:title>Configure auditd Disk Error Action on Disk Error</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sudo_remove_nopasswd_ocil:questionnaire:1">
+      <ocil:title>Ensure Users Re-Authenticate for Privilege Escalation - sudo NOPASSWD</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-auditd_data_disk_error_action_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sudo_remove_nopasswd_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sebool_xserver_execmem_ocil:questionnaire:1">
-      <ocil:title>Disable the xserver_execmem SELinux Boolean</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sshd_disable_pubkey_auth_ocil:questionnaire:1">
+      <ocil:title>Disable PubkeyAuthentication Authentication</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sebool_xserver_execmem_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sshd_disable_pubkey_auth_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-require_emergency_target_auth_ocil:questionnaire:1">
-      <ocil:title>Require Authentication for Emergency Systemd Target</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sebool_virt_use_nfs_ocil:questionnaire:1">
+      <ocil:title>Disable the virt_use_nfs SELinux Boolean</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-require_emergency_target_auth_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sebool_virt_use_nfs_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-package_pcsc-lite_installed_ocil:questionnaire:1">
-      <ocil:title>Install the pcsc-lite package</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sebool_domain_kernel_load_modules_ocil:questionnaire:1">
+      <ocil:title>Disable the domain_kernel_load_modules SELinux Boolean</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-package_pcsc-lite_installed_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sebool_domain_kernel_load_modules_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
     <ocil:questionnaire id="ocil:ssg-mount_option_var_tmp_noexec_ocil:questionnaire:1">
@@ -67,430 +43,424 @@
         <ocil:test_action_ref>ocil:ssg-mount_option_var_tmp_noexec_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sshd_x11_use_localhost_ocil:questionnaire:1">
-      <ocil:title>Prevent remote hosts from connecting to the proxy display</ocil:title>
-      <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sshd_x11_use_localhost_action:testaction:1</ocil:test_action_ref>
-      </ocil:actions>
-    </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-accounts_password_pam_pwhistory_remember_system_auth_ocil:questionnaire:1">
-      <ocil:title>Limit Password Reuse: system-auth</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sebool_rsync_full_access_ocil:questionnaire:1">
+      <ocil:title>Disable the rsync_full_access SELinux Boolean</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-accounts_password_pam_pwhistory_remember_system_auth_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sebool_rsync_full_access_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-libreswan_approved_tunnels_ocil:questionnaire:1">
-      <ocil:title>Verify Any Configured IPSec Tunnel Connections</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-package_sudo_installed_ocil:questionnaire:1">
+      <ocil:title>Install sudo Package</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-libreswan_approved_tunnels_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-package_sudo_installed_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sysctl_net_ipv4_conf_all_accept_source_route_ocil:questionnaire:1">
-      <ocil:title>Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-accounts_password_all_shadowed_ocil:questionnaire:1">
+      <ocil:title>Verify All Account Password Hashes are Shadowed</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_accept_source_route_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-accounts_password_all_shadowed_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-directory_access_var_log_audit_ocil:questionnaire:1">
-      <ocil:title>Record Access Events to Audit Log Directory</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-kernel_config_unmap_kernel_at_el0_ocil:questionnaire:1">
+      <ocil:title>Unmap kernel when running in userspace (aka KAISER)</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-directory_access_var_log_audit_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-kernel_config_unmap_kernel_at_el0_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-auditd_data_retention_action_mail_acct_ocil:questionnaire:1">
-      <ocil:title>Configure auditd mail_acct Action on Low Disk Space</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sebool_nfsd_anon_write_ocil:questionnaire:1">
+      <ocil:title>Disable the nfsd_anon_write SELinux Boolean</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-auditd_data_retention_action_mail_acct_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sebool_nfsd_anon_write_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-auditd_data_retention_space_left_ocil:questionnaire:1">
-      <ocil:title>Configure auditd space_left on Low Disk Space</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-install_mcafee_hbss_accm_ocil:questionnaire:1">
+      <ocil:title>Install the Asset Configuration Compliance Module (ACCM)</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-auditd_data_retention_space_left_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-install_mcafee_hbss_accm_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-directory_group_ownership_var_log_audit_ocil:questionnaire:1">
-      <ocil:title>System Audit Directories Must Be Group Owned By Root</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-package_samba_removed_ocil:questionnaire:1">
+      <ocil:title>Uninstall Samba Package</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-directory_group_ownership_var_log_audit_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-package_samba_removed_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-rsyslog_encrypt_offload_actionsendstreamdriverauthmode_ocil:questionnaire:1">
-      <ocil:title>Ensure Rsyslog Authenticates Off-Loaded Audit Records</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-kernel_config_module_sig_force_ocil:questionnaire:1">
+      <ocil:title>Require modules to be validly signed</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-rsyslog_encrypt_offload_actionsendstreamdriverauthmode_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-kernel_config_module_sig_force_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-file_owner_etc_group_ocil:questionnaire:1">
-      <ocil:title>Verify User Who Owns group File</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-require_singleuser_auth_ocil:questionnaire:1">
+      <ocil:title>Require Authentication for Single User Mode</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-file_owner_etc_group_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-require_singleuser_auth_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-kernel_config_refcount_full_ocil:questionnaire:1">
-      <ocil:title>Perform full reference count validation</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-audit_rules_etc_gshadow_open_ocil:questionnaire:1">
+      <ocil:title>Record Events that Modify User/Group Information via open syscall - /etc/gshadow</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-kernel_config_refcount_full_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-audit_rules_etc_gshadow_open_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-no_password_auth_for_systemaccounts_ocil:questionnaire:1">
-      <ocil:title>Ensure that System Accounts Are Locked</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sebool_samba_share_fusefs_ocil:questionnaire:1">
+      <ocil:title>Disable the samba_share_fusefs SELinux Boolean</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-no_password_auth_for_systemaccounts_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sebool_samba_share_fusefs_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_privileged_commands_unix_chkpwd_ocil:questionnaire:1">
-      <ocil:title>Ensure auditd Collects Information on the Use of Privileged Commands - unix_chkpwd</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sudo_restrict_privilege_elevation_to_authorized_ocil:questionnaire:1">
+      <ocil:title>The operating system must restrict privilege elevation to authorized personnel</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-audit_rules_privileged_commands_unix_chkpwd_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sudo_restrict_privilege_elevation_to_authorized_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sudo_add_ignore_dot_ocil:questionnaire:1">
-      <ocil:title>Ensure sudo Ignores Commands In Current Dir - sudo ignore_dot</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sebool_daemons_use_tcp_wrapper_ocil:questionnaire:1">
+      <ocil:title>Disable the daemons_use_tcp_wrapper SELinux Boolean</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sudo_add_ignore_dot_action:testaction:1</ocil:test_action_ref>
/usr/share/xml/scap/ssg/content/ssg-rhel8-xccdf.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-rhel8-xccdf.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-rhel8-xccdf.xml	2022-07-15 00:00:00.000000000 +0000
@@ -43,14 +43,19 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.1:rear-matter>
   <cpe-lang:platform-specification>
-    <cpe-lang:platform id="audit">
+    <cpe-lang:platform id="uefi">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:audit"/>
+        <cpe-lang:fact-ref name="cpe:/a:uefi"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="pam">
+    <cpe-lang:platform id="systemd">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:pam"/>
+        <cpe-lang:fact-ref name="cpe:/a:systemd"/>
+      </cpe-lang:logical-test>
+    </cpe-lang:platform>
+    <cpe-lang:platform id="grub2">
+      <cpe-lang:logical-test operator="AND" negate="false">
+        <cpe-lang:fact-ref name="cpe:/a:grub2"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="yum">
@@ -58,69 +63,75 @@
         <cpe-lang:fact-ref name="cpe:/a:yum"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="tftp-server">
+    <cpe-lang:platform id="aarch64_arch">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:tftp-server"/>
+        <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="sssd">
+    <cpe-lang:platform id="polkit">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+        <cpe-lang:fact-ref name="cpe:/a:polkit"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="nss-pam-ldapd">
+    <cpe-lang:platform id="chrony">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:nss-pam-ldapd"/>
+        <cpe-lang:fact-ref name="cpe:/a:chrony"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="polkit">
+    <cpe-lang:platform id="libuser">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:polkit"/>
+        <cpe-lang:fact-ref name="cpe:/a:libuser"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="grub2">
+    <cpe-lang:platform id="login_defs">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:grub2"/>
+        <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="wifi-iface">
+    <cpe-lang:platform id="sssd">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
+        <cpe-lang:fact-ref name="cpe:/a:sssd"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="sssd-ldap">
+    <cpe-lang:platform id="chrony_or_ntp">
+      <cpe-lang:logical-test operator="OR" negate="false">
+        <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+        <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+      </cpe-lang:logical-test>
+    </cpe-lang:platform>
+    <cpe-lang:platform id="wifi-iface">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:sssd-ldap"/>
+        <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="aarch64_arch">
+    <cpe-lang:platform id="postfix">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
+        <cpe-lang:fact-ref name="cpe:/a:postfix"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="no_ovirt">
+    <cpe-lang:platform id="nss-pam-ldapd">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:no_ovirt"/>
+        <cpe-lang:fact-ref name="cpe:/a:nss-pam-ldapd"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="non-uefi">
+    <cpe-lang:platform id="ntp">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+        <cpe-lang:fact-ref name="cpe:/a:ntp"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="chrony">
+    <cpe-lang:platform id="sssd-ldap">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+        <cpe-lang:fact-ref name="cpe:/a:sssd-ldap"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="postfix">
+    <cpe-lang:platform id="pam">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:postfix"/>
+        <cpe-lang:fact-ref name="cpe:/a:pam"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="uefi">
+    <cpe-lang:platform id="audit">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+        <cpe-lang:fact-ref name="cpe:/a:audit"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="machine_and_chrony_or_ntp">
@@ -132,14 +143,14 @@
         <cpe-lang:fact-ref name="cpe:/a:machine"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="libuser">
+    <cpe-lang:platform id="no_ovirt">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:libuser"/>
+        <cpe-lang:fact-ref name="cpe:/a:no_ovirt"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="sudo">
+    <cpe-lang:platform id="gdm">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+        <cpe-lang:fact-ref name="cpe:/a:gdm"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="machine">
@@ -147,25 +158,14 @@
         <cpe-lang:fact-ref name="cpe:/a:machine"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="s390x_arch">
-      <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
-      </cpe-lang:logical-test>
-    </cpe-lang:platform>
-    <cpe-lang:platform id="chrony_or_ntp">
-      <cpe-lang:logical-test operator="OR" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:chrony"/>
-        <cpe-lang:fact-ref name="cpe:/a:ntp"/>
-      </cpe-lang:logical-test>
-    </cpe-lang:platform>
     <cpe-lang:platform id="usbguard">
       <cpe-lang:logical-test operator="AND" negate="false">
         <cpe-lang:fact-ref name="cpe:/a:usbguard"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="login_defs">
+    <cpe-lang:platform id="sudo">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+        <cpe-lang:fact-ref name="cpe:/a:sudo"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="net-snmp">
@@ -173,24 +173,24 @@
         <cpe-lang:fact-ref name="cpe:/a:net-snmp"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="systemd">
+    <cpe-lang:platform id="s390x_arch">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:systemd"/>
+        <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="ntp">
+    <cpe-lang:platform id="not_s390x_arch">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+        <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="not_s390x_arch">
+    <cpe-lang:platform id="tftp-server">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
+        <cpe-lang:fact-ref name="cpe:/a:tftp-server"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
/usr/share/xml/scap/ssg/content/ssg-rhel9-ds-1.2.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-rhel9-ds-1.2.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-rhel9-ds-1.2.xml	2022-07-15 00:00:00.000000000 +0000
@@ -175,29 +175,29 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.2:rear-matter>
       <cpe-lang:platform-specification>
-        <cpe-lang:platform id="audit">
+        <cpe-lang:platform id="uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:audit"/>
+            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="pam">
+        <cpe-lang:platform id="systemd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:pam"/>
+            <cpe-lang:fact-ref name="cpe:/a:systemd"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="yum">
+        <cpe-lang:platform id="grub2">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:yum"/>
+            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="tftp-server">
+        <cpe-lang:platform id="yum">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:tftp-server"/>
+            <cpe-lang:fact-ref name="cpe:/a:yum"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sssd">
+        <cpe-lang:platform id="aarch64_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="polkit">
@@ -205,34 +205,35 @@
             <cpe-lang:fact-ref name="cpe:/a:polkit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="grub2">
+        <cpe-lang:platform id="chrony">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="wifi-iface">
+        <cpe-lang:platform id="libuser">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
+            <cpe-lang:fact-ref name="cpe:/a:libuser"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="aarch64_arch">
+        <cpe-lang:platform id="login_defs">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="not_aarch64_arch">
+        <cpe-lang:platform id="sssd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:not_aarch64_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="non-uefi">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+        <cpe-lang:platform id="chrony_or_ntp">
+          <cpe-lang:logical-test operator="OR" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="chrony">
+        <cpe-lang:platform id="wifi-iface">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="postfix">
@@ -240,35 +241,29 @@
             <cpe-lang:fact-ref name="cpe:/a:postfix"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="uefi">
+        <cpe-lang:platform id="ntp">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="libuser">
+        <cpe-lang:platform id="pam">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:libuser"/>
+            <cpe-lang:fact-ref name="cpe:/a:pam"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sudo">
+        <cpe-lang:platform id="audit">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+            <cpe-lang:fact-ref name="cpe:/a:audit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="machine">
+        <cpe-lang:platform id="gdm">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:machine"/>
+            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="s390x_arch">
+        <cpe-lang:platform id="machine">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="chrony_or_ntp">
-          <cpe-lang:logical-test operator="OR" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+            <cpe-lang:fact-ref name="cpe:/a:machine"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="usbguard">
@@ -276,9 +271,9 @@
             <cpe-lang:fact-ref name="cpe:/a:usbguard"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="login_defs">
+        <cpe-lang:platform id="sudo">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="net-snmp">
@@ -286,14 +281,14 @@
             <cpe-lang:fact-ref name="cpe:/a:net-snmp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="systemd">
+        <cpe-lang:platform id="not_aarch64_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:systemd"/>
+            <cpe-lang:fact-ref name="cpe:/a:not_aarch64_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="ntp">
+        <cpe-lang:platform id="s390x_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="not_s390x_arch">
@@ -301,9 +296,14 @@
             <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="gdm">
+        <cpe-lang:platform id="tftp-server">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
+            <cpe-lang:fact-ref name="cpe:/a:tftp-server"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="non-uefi">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
       </cpe-lang:platform-specification>
@@ -7820,11 +7820,6 @@
                   <xccdf-1.2:fix system="urn:redhat:anaconda:pre" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
 package --add=aide
 </xccdf-1.2:fix>
-                  <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_aide_installed">
-[[packages]]
-name = "aide"
-version = "*"
-</xccdf-1.2:fix>
                   <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_aide
 
 class install_aide {
@@ -7833,6 +7828,11 @@
   }
 }
/usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml	2022-07-15 00:00:00.000000000 +0000
@@ -177,29 +177,29 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.2:rear-matter>
       <cpe-lang:platform-specification>
-        <cpe-lang:platform id="audit">
+        <cpe-lang:platform id="uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:audit"/>
+            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="pam">
+        <cpe-lang:platform id="systemd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:pam"/>
+            <cpe-lang:fact-ref name="cpe:/a:systemd"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="yum">
+        <cpe-lang:platform id="grub2">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:yum"/>
+            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="tftp-server">
+        <cpe-lang:platform id="yum">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:tftp-server"/>
+            <cpe-lang:fact-ref name="cpe:/a:yum"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sssd">
+        <cpe-lang:platform id="aarch64_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="polkit">
@@ -207,34 +207,35 @@
             <cpe-lang:fact-ref name="cpe:/a:polkit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="grub2">
+        <cpe-lang:platform id="chrony">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="wifi-iface">
+        <cpe-lang:platform id="libuser">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
+            <cpe-lang:fact-ref name="cpe:/a:libuser"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="aarch64_arch">
+        <cpe-lang:platform id="login_defs">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="not_aarch64_arch">
+        <cpe-lang:platform id="sssd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:not_aarch64_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="non-uefi">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+        <cpe-lang:platform id="chrony_or_ntp">
+          <cpe-lang:logical-test operator="OR" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="chrony">
+        <cpe-lang:platform id="wifi-iface">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="postfix">
@@ -242,35 +243,29 @@
             <cpe-lang:fact-ref name="cpe:/a:postfix"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="uefi">
+        <cpe-lang:platform id="ntp">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="libuser">
+        <cpe-lang:platform id="pam">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:libuser"/>
+            <cpe-lang:fact-ref name="cpe:/a:pam"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sudo">
+        <cpe-lang:platform id="audit">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+            <cpe-lang:fact-ref name="cpe:/a:audit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="machine">
+        <cpe-lang:platform id="gdm">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:machine"/>
+            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="s390x_arch">
+        <cpe-lang:platform id="machine">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="chrony_or_ntp">
-          <cpe-lang:logical-test operator="OR" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+            <cpe-lang:fact-ref name="cpe:/a:machine"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="usbguard">
@@ -278,9 +273,9 @@
             <cpe-lang:fact-ref name="cpe:/a:usbguard"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="login_defs">
+        <cpe-lang:platform id="sudo">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="net-snmp">
@@ -288,14 +283,14 @@
             <cpe-lang:fact-ref name="cpe:/a:net-snmp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="systemd">
+        <cpe-lang:platform id="not_aarch64_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:systemd"/>
+            <cpe-lang:fact-ref name="cpe:/a:not_aarch64_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="ntp">
+        <cpe-lang:platform id="s390x_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="not_s390x_arch">
@@ -303,9 +298,14 @@
             <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="gdm">
+        <cpe-lang:platform id="tftp-server">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
+            <cpe-lang:fact-ref name="cpe:/a:tftp-server"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="non-uefi">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
       </cpe-lang:platform-specification>
@@ -7822,11 +7822,6 @@
                   <xccdf-1.2:fix system="urn:redhat:anaconda:pre" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
 package --add=aide
 </xccdf-1.2:fix>
-                  <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_aide_installed">
-[[packages]]
-name = "aide"
-version = "*"
-</xccdf-1.2:fix>
                   <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_aide
 
 class install_aide {
@@ -7835,6 +7830,11 @@
   }
 }
/usr/share/xml/scap/ssg/content/ssg-rhel9-ocil.xml differs (XML 1.0 document, ASCII text)
--- old//usr/share/xml/scap/ssg/content/ssg-rhel9-ocil.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-rhel9-ocil.xml	2022-07-15 00:00:00.000000000 +0000
@@ -7,58 +7,34 @@
     <ocil:timestamp>2022-07-15T00:00:00</ocil:timestamp>
   </ocil:generator>
   <ocil:questionnaires>
-    <ocil:questionnaire id="ocil:ssg-sebool_logging_syslogd_can_sendmail_ocil:questionnaire:1">
-      <ocil:title>Disable the logging_syslogd_can_sendmail SELinux Boolean</ocil:title>
-      <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sebool_logging_syslogd_can_sendmail_action:testaction:1</ocil:test_action_ref>
-      </ocil:actions>
-    </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_file_deletion_events_rename_ocil:questionnaire:1">
-      <ocil:title>Ensure auditd Collects File Deletion Events by User - rename</ocil:title>
-      <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-audit_rules_file_deletion_events_rename_action:testaction:1</ocil:test_action_ref>
-      </ocil:actions>
-    </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_execution_chacl_ocil:questionnaire:1">
-      <ocil:title>Record Any Attempts to Run chacl</ocil:title>
-      <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-audit_rules_execution_chacl_action:testaction:1</ocil:test_action_ref>
-      </ocil:actions>
-    </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sysctl_net_ipv4_conf_all_accept_local_ocil:questionnaire:1">
-      <ocil:title>Disable Accepting Packets Routed Between Local Interfaces</ocil:title>
-      <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_accept_local_action:testaction:1</ocil:test_action_ref>
-      </ocil:actions>
-    </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sebool_postfix_local_write_mail_spool_ocil:questionnaire:1">
-      <ocil:title>Enable the postfix_local_write_mail_spool SELinux Boolean</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-dconf_gnome_screensaver_idle_activation_locked_ocil:questionnaire:1">
+      <ocil:title>Ensure Users Cannot Change GNOME3 Screensaver Idle Activation</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sebool_postfix_local_write_mail_spool_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-dconf_gnome_screensaver_idle_activation_locked_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-auditd_data_disk_error_action_ocil:questionnaire:1">
-      <ocil:title>Configure auditd Disk Error Action on Disk Error</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sudo_remove_nopasswd_ocil:questionnaire:1">
+      <ocil:title>Ensure Users Re-Authenticate for Privilege Escalation - sudo NOPASSWD</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-auditd_data_disk_error_action_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sudo_remove_nopasswd_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sebool_xserver_execmem_ocil:questionnaire:1">
-      <ocil:title>Disable the xserver_execmem SELinux Boolean</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sshd_disable_pubkey_auth_ocil:questionnaire:1">
+      <ocil:title>Disable PubkeyAuthentication Authentication</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sebool_xserver_execmem_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sshd_disable_pubkey_auth_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-require_emergency_target_auth_ocil:questionnaire:1">
-      <ocil:title>Require Authentication for Emergency Systemd Target</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sebool_virt_use_nfs_ocil:questionnaire:1">
+      <ocil:title>Disable the virt_use_nfs SELinux Boolean</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-require_emergency_target_auth_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sebool_virt_use_nfs_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-package_pcsc-lite_installed_ocil:questionnaire:1">
-      <ocil:title>Install the pcsc-lite package</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sebool_domain_kernel_load_modules_ocil:questionnaire:1">
+      <ocil:title>Disable the domain_kernel_load_modules SELinux Boolean</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-package_pcsc-lite_installed_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sebool_domain_kernel_load_modules_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
     <ocil:questionnaire id="ocil:ssg-mount_option_var_tmp_noexec_ocil:questionnaire:1">
@@ -67,352 +43,310 @@
         <ocil:test_action_ref>ocil:ssg-mount_option_var_tmp_noexec_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sshd_x11_use_localhost_ocil:questionnaire:1">
-      <ocil:title>Prevent remote hosts from connecting to the proxy display</ocil:title>
-      <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sshd_x11_use_localhost_action:testaction:1</ocil:test_action_ref>
-      </ocil:actions>
-    </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-accounts_password_pam_pwhistory_remember_system_auth_ocil:questionnaire:1">
-      <ocil:title>Limit Password Reuse: system-auth</ocil:title>
-      <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-accounts_password_pam_pwhistory_remember_system_auth_action:testaction:1</ocil:test_action_ref>
-      </ocil:actions>
-    </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-libreswan_approved_tunnels_ocil:questionnaire:1">
-      <ocil:title>Verify Any Configured IPSec Tunnel Connections</ocil:title>
-      <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-libreswan_approved_tunnels_action:testaction:1</ocil:test_action_ref>
-      </ocil:actions>
-    </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sysctl_net_ipv4_conf_all_accept_source_route_ocil:questionnaire:1">
-      <ocil:title>Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces</ocil:title>
-      <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_accept_source_route_action:testaction:1</ocil:test_action_ref>
-      </ocil:actions>
-    </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-directory_access_var_log_audit_ocil:questionnaire:1">
-      <ocil:title>Record Access Events to Audit Log Directory</ocil:title>
-      <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-directory_access_var_log_audit_action:testaction:1</ocil:test_action_ref>
-      </ocil:actions>
-    </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-auditd_data_retention_action_mail_acct_ocil:questionnaire:1">
-      <ocil:title>Configure auditd mail_acct Action on Low Disk Space</ocil:title>
-      <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-auditd_data_retention_action_mail_acct_action:testaction:1</ocil:test_action_ref>
-      </ocil:actions>
-    </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-auditd_data_retention_space_left_ocil:questionnaire:1">
-      <ocil:title>Configure auditd space_left on Low Disk Space</ocil:title>
-      <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-auditd_data_retention_space_left_action:testaction:1</ocil:test_action_ref>
-      </ocil:actions>
-    </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-directory_group_ownership_var_log_audit_ocil:questionnaire:1">
-      <ocil:title>System Audit Directories Must Be Group Owned By Root</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sebool_rsync_full_access_ocil:questionnaire:1">
+      <ocil:title>Disable the rsync_full_access SELinux Boolean</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-directory_group_ownership_var_log_audit_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sebool_rsync_full_access_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-rsyslog_encrypt_offload_actionsendstreamdriverauthmode_ocil:questionnaire:1">
-      <ocil:title>Ensure Rsyslog Authenticates Off-Loaded Audit Records</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-package_sudo_installed_ocil:questionnaire:1">
+      <ocil:title>Install sudo Package</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-rsyslog_encrypt_offload_actionsendstreamdriverauthmode_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-package_sudo_installed_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-file_owner_etc_group_ocil:questionnaire:1">
-      <ocil:title>Verify User Who Owns group File</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-accounts_password_all_shadowed_ocil:questionnaire:1">
+      <ocil:title>Verify All Account Password Hashes are Shadowed</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-file_owner_etc_group_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-accounts_password_all_shadowed_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-kernel_config_refcount_full_ocil:questionnaire:1">
-      <ocil:title>Perform full reference count validation</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-kernel_config_unmap_kernel_at_el0_ocil:questionnaire:1">
+      <ocil:title>Unmap kernel when running in userspace (aka KAISER)</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-kernel_config_refcount_full_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-kernel_config_unmap_kernel_at_el0_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-no_password_auth_for_systemaccounts_ocil:questionnaire:1">
-      <ocil:title>Ensure that System Accounts Are Locked</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sebool_nfsd_anon_write_ocil:questionnaire:1">
+      <ocil:title>Disable the nfsd_anon_write SELinux Boolean</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-no_password_auth_for_systemaccounts_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sebool_nfsd_anon_write_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_privileged_commands_unix_chkpwd_ocil:questionnaire:1">
-      <ocil:title>Ensure auditd Collects Information on the Use of Privileged Commands - unix_chkpwd</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-package_samba_removed_ocil:questionnaire:1">
+      <ocil:title>Uninstall Samba Package</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-audit_rules_privileged_commands_unix_chkpwd_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-package_samba_removed_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-file_permissions_backup_etc_passwd_ocil:questionnaire:1">
-      <ocil:title>Verify Permissions on Backup passwd File</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-kernel_config_module_sig_force_ocil:questionnaire:1">
+      <ocil:title>Require modules to be validly signed</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-file_permissions_backup_etc_passwd_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-kernel_config_module_sig_force_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_mac_modification_ocil:questionnaire:1">
-      <ocil:title>Record Events that Modify the System's Mandatory Access Controls</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-require_singleuser_auth_ocil:questionnaire:1">
+      <ocil:title>Require Authentication for Single User Mode</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-audit_rules_mac_modification_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-require_singleuser_auth_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-set_password_hashing_algorithm_logindefs_ocil:questionnaire:1">
-      <ocil:title>Set Password Hashing Algorithm in /etc/login.defs</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-audit_rules_etc_gshadow_open_ocil:questionnaire:1">
+      <ocil:title>Record Events that Modify User/Group Information via open syscall - /etc/gshadow</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-set_password_hashing_algorithm_logindefs_action:testaction:1</ocil:test_action_ref>
/usr/share/xml/scap/ssg/content/ssg-rhel9-xccdf.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-rhel9-xccdf.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-rhel9-xccdf.xml	2022-07-15 00:00:00.000000000 +0000
@@ -43,29 +43,29 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.1:rear-matter>
   <cpe-lang:platform-specification>
-    <cpe-lang:platform id="audit">
+    <cpe-lang:platform id="uefi">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:audit"/>
+        <cpe-lang:fact-ref name="cpe:/a:uefi"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="pam">
+    <cpe-lang:platform id="systemd">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:pam"/>
+        <cpe-lang:fact-ref name="cpe:/a:systemd"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="yum">
+    <cpe-lang:platform id="grub2">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:yum"/>
+        <cpe-lang:fact-ref name="cpe:/a:grub2"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="tftp-server">
+    <cpe-lang:platform id="yum">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:tftp-server"/>
+        <cpe-lang:fact-ref name="cpe:/a:yum"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="sssd">
+    <cpe-lang:platform id="aarch64_arch">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+        <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="polkit">
@@ -73,34 +73,35 @@
         <cpe-lang:fact-ref name="cpe:/a:polkit"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="grub2">
+    <cpe-lang:platform id="chrony">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:grub2"/>
+        <cpe-lang:fact-ref name="cpe:/a:chrony"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="wifi-iface">
+    <cpe-lang:platform id="libuser">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
+        <cpe-lang:fact-ref name="cpe:/a:libuser"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="aarch64_arch">
+    <cpe-lang:platform id="login_defs">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
+        <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="not_aarch64_arch">
+    <cpe-lang:platform id="sssd">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:not_aarch64_arch"/>
+        <cpe-lang:fact-ref name="cpe:/a:sssd"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="non-uefi">
-      <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+    <cpe-lang:platform id="chrony_or_ntp">
+      <cpe-lang:logical-test operator="OR" negate="false">
+        <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+        <cpe-lang:fact-ref name="cpe:/a:ntp"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="chrony">
+    <cpe-lang:platform id="wifi-iface">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+        <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="postfix">
@@ -108,35 +109,29 @@
         <cpe-lang:fact-ref name="cpe:/a:postfix"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="uefi">
+    <cpe-lang:platform id="ntp">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+        <cpe-lang:fact-ref name="cpe:/a:ntp"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="libuser">
+    <cpe-lang:platform id="pam">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:libuser"/>
+        <cpe-lang:fact-ref name="cpe:/a:pam"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="sudo">
+    <cpe-lang:platform id="audit">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+        <cpe-lang:fact-ref name="cpe:/a:audit"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="machine">
+    <cpe-lang:platform id="gdm">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:machine"/>
+        <cpe-lang:fact-ref name="cpe:/a:gdm"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="s390x_arch">
+    <cpe-lang:platform id="machine">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
-      </cpe-lang:logical-test>
-    </cpe-lang:platform>
-    <cpe-lang:platform id="chrony_or_ntp">
-      <cpe-lang:logical-test operator="OR" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:chrony"/>
-        <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+        <cpe-lang:fact-ref name="cpe:/a:machine"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="usbguard">
@@ -144,9 +139,9 @@
         <cpe-lang:fact-ref name="cpe:/a:usbguard"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="login_defs">
+    <cpe-lang:platform id="sudo">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+        <cpe-lang:fact-ref name="cpe:/a:sudo"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="net-snmp">
@@ -154,14 +149,14 @@
         <cpe-lang:fact-ref name="cpe:/a:net-snmp"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="systemd">
+    <cpe-lang:platform id="not_aarch64_arch">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:systemd"/>
+        <cpe-lang:fact-ref name="cpe:/a:not_aarch64_arch"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="ntp">
+    <cpe-lang:platform id="s390x_arch">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+        <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="not_s390x_arch">
@@ -169,9 +164,14 @@
         <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="gdm">
+    <cpe-lang:platform id="tftp-server">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:gdm"/>
+        <cpe-lang:fact-ref name="cpe:/a:tftp-server"/>
+      </cpe-lang:logical-test>
+    </cpe-lang:platform>
+    <cpe-lang:platform id="non-uefi">
+      <cpe-lang:logical-test operator="AND" negate="false">
+        <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
   </cpe-lang:platform-specification>
@@ -7688,11 +7688,6 @@
               <xccdf-1.1:fix system="urn:redhat:anaconda:pre" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
 package --add=aide
 </xccdf-1.1:fix>
-              <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_aide_installed">
-[[packages]]
-name = "aide"
-version = "*"
-</xccdf-1.1:fix>
               <xccdf-1.1:fix system="urn:xccdf:fix:script:puppet" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_aide
 
 class install_aide {
@@ -7701,6 +7696,11 @@
   }
 }
/usr/share/xml/scap/ssg/content/ssg-rhv4-ds-1.2.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-rhv4-ds-1.2.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-rhv4-ds-1.2.xml	2022-07-15 00:00:00.000000000 +0000
@@ -171,14 +171,19 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.2:rear-matter>
       <cpe-lang:platform-specification>
-        <cpe-lang:platform id="audit">
+        <cpe-lang:platform id="uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:audit"/>
+            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="pam">
+        <cpe-lang:platform id="systemd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:pam"/>
+            <cpe-lang:fact-ref name="cpe:/a:systemd"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="grub2">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="yum">
@@ -186,29 +191,40 @@
             <cpe-lang:fact-ref name="cpe:/a:yum"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="tftp-server">
+        <cpe-lang:platform id="aarch64_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:tftp-server"/>
+            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sssd">
+        <cpe-lang:platform id="polkit">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+            <cpe-lang:fact-ref name="cpe:/a:polkit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="nss-pam-ldapd">
+        <cpe-lang:platform id="chrony">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:nss-pam-ldapd"/>
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="polkit">
+        <cpe-lang:platform id="libuser">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:polkit"/>
+            <cpe-lang:fact-ref name="cpe:/a:libuser"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="grub2">
+        <cpe-lang:platform id="login_defs">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
+            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="sssd">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="chrony_or_ntp">
+          <cpe-lang:logical-test operator="OR" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="wifi-iface">
@@ -216,29 +232,29 @@
             <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="aarch64_arch">
+        <cpe-lang:platform id="postfix">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:postfix"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="non-uefi">
+        <cpe-lang:platform id="nss-pam-ldapd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:nss-pam-ldapd"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="chrony">
+        <cpe-lang:platform id="ntp">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="postfix">
+        <cpe-lang:platform id="pam">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:postfix"/>
+            <cpe-lang:fact-ref name="cpe:/a:pam"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="uefi">
+        <cpe-lang:platform id="audit">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:audit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="machine_and_chrony_or_ntp">
@@ -250,14 +266,9 @@
             <cpe-lang:fact-ref name="cpe:/a:machine"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="libuser">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:libuser"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="sudo">
+        <cpe-lang:platform id="gdm">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="machine">
@@ -265,40 +276,29 @@
             <cpe-lang:fact-ref name="cpe:/a:machine"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="s390x_arch">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="chrony_or_ntp">
-          <cpe-lang:logical-test operator="OR" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="login_defs">
+        <cpe-lang:platform id="sudo">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="systemd">
+        <cpe-lang:platform id="s390x_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:systemd"/>
+            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="ntp">
+        <cpe-lang:platform id="not_s390x_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+            <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="not_s390x_arch">
+        <cpe-lang:platform id="tftp-server">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:tftp-server"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="gdm">
+        <cpe-lang:platform id="non-uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
+            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
       </cpe-lang:platform-specification>
@@ -2709,11 +2709,6 @@
                   <xccdf-1.2:fix system="urn:redhat:anaconda:pre" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
 package --add=aide
 </xccdf-1.2:fix>
-                  <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_aide_installed">
-[[packages]]
-name = "aide"
-version = "*"
-</xccdf-1.2:fix>
                   <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_aide
 
 class install_aide {
@@ -2722,6 +2717,11 @@
   }
 }
/usr/share/xml/scap/ssg/content/ssg-rhv4-ds.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-rhv4-ds.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-rhv4-ds.xml	2022-07-15 00:00:00.000000000 +0000
@@ -171,14 +171,19 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.2:rear-matter>
       <cpe-lang:platform-specification>
-        <cpe-lang:platform id="audit">
+        <cpe-lang:platform id="uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:audit"/>
+            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="pam">
+        <cpe-lang:platform id="systemd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:pam"/>
+            <cpe-lang:fact-ref name="cpe:/a:systemd"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="grub2">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="yum">
@@ -186,29 +191,40 @@
             <cpe-lang:fact-ref name="cpe:/a:yum"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="tftp-server">
+        <cpe-lang:platform id="aarch64_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:tftp-server"/>
+            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sssd">
+        <cpe-lang:platform id="polkit">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+            <cpe-lang:fact-ref name="cpe:/a:polkit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="nss-pam-ldapd">
+        <cpe-lang:platform id="chrony">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:nss-pam-ldapd"/>
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="polkit">
+        <cpe-lang:platform id="libuser">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:polkit"/>
+            <cpe-lang:fact-ref name="cpe:/a:libuser"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="grub2">
+        <cpe-lang:platform id="login_defs">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
+            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="sssd">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="chrony_or_ntp">
+          <cpe-lang:logical-test operator="OR" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="wifi-iface">
@@ -216,29 +232,29 @@
             <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="aarch64_arch">
+        <cpe-lang:platform id="postfix">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:postfix"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="non-uefi">
+        <cpe-lang:platform id="nss-pam-ldapd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:nss-pam-ldapd"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="chrony">
+        <cpe-lang:platform id="ntp">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="postfix">
+        <cpe-lang:platform id="pam">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:postfix"/>
+            <cpe-lang:fact-ref name="cpe:/a:pam"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="uefi">
+        <cpe-lang:platform id="audit">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:audit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="machine_and_chrony_or_ntp">
@@ -250,14 +266,9 @@
             <cpe-lang:fact-ref name="cpe:/a:machine"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="libuser">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:libuser"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="sudo">
+        <cpe-lang:platform id="gdm">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="machine">
@@ -265,40 +276,29 @@
             <cpe-lang:fact-ref name="cpe:/a:machine"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="s390x_arch">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="chrony_or_ntp">
-          <cpe-lang:logical-test operator="OR" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="login_defs">
+        <cpe-lang:platform id="sudo">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="systemd">
+        <cpe-lang:platform id="s390x_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:systemd"/>
+            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="ntp">
+        <cpe-lang:platform id="not_s390x_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+            <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="not_s390x_arch">
+        <cpe-lang:platform id="tftp-server">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:tftp-server"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="gdm">
+        <cpe-lang:platform id="non-uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
+            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
       </cpe-lang:platform-specification>
@@ -2709,11 +2709,6 @@
                   <xccdf-1.2:fix system="urn:redhat:anaconda:pre" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
 package --add=aide
 </xccdf-1.2:fix>
-                  <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_aide_installed">
-[[packages]]
-name = "aide"
-version = "*"
-</xccdf-1.2:fix>
                   <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_aide
 
 class install_aide {
@@ -2722,6 +2717,11 @@
   }
 }
/usr/share/xml/scap/ssg/content/ssg-rhv4-ocil.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-rhv4-ocil.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-rhv4-ocil.xml	2022-07-15 00:00:00.000000000 +0000
@@ -7,346 +7,352 @@
     <ocil:timestamp>2022-07-15T00:00:00</ocil:timestamp>
   </ocil:generator>
   <ocil:questionnaires>
-    <ocil:questionnaire id="ocil:ssg-sebool_logging_syslogd_can_sendmail_ocil:questionnaire:1">
-      <ocil:title>Disable the logging_syslogd_can_sendmail SELinux Boolean</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sudo_remove_nopasswd_ocil:questionnaire:1">
+      <ocil:title>Ensure Users Re-Authenticate for Privilege Escalation - sudo NOPASSWD</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sebool_logging_syslogd_can_sendmail_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sudo_remove_nopasswd_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_file_deletion_events_rename_ocil:questionnaire:1">
-      <ocil:title>Ensure auditd Collects File Deletion Events by User - rename</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sshd_disable_pubkey_auth_ocil:questionnaire:1">
+      <ocil:title>Disable PubkeyAuthentication Authentication</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-audit_rules_file_deletion_events_rename_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sshd_disable_pubkey_auth_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sysctl_net_ipv4_conf_all_accept_local_ocil:questionnaire:1">
-      <ocil:title>Disable Accepting Packets Routed Between Local Interfaces</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sebool_domain_kernel_load_modules_ocil:questionnaire:1">
+      <ocil:title>Disable the domain_kernel_load_modules SELinux Boolean</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_accept_local_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sebool_domain_kernel_load_modules_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-auditd_data_disk_error_action_ocil:questionnaire:1">
-      <ocil:title>Configure auditd Disk Error Action on Disk Error</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-package_sudo_installed_ocil:questionnaire:1">
+      <ocil:title>Install sudo Package</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-auditd_data_disk_error_action_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-package_sudo_installed_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sebool_xserver_execmem_ocil:questionnaire:1">
-      <ocil:title>Disable the xserver_execmem SELinux Boolean</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-accounts_password_all_shadowed_ocil:questionnaire:1">
+      <ocil:title>Verify All Account Password Hashes are Shadowed</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sebool_xserver_execmem_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-accounts_password_all_shadowed_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-require_emergency_target_auth_ocil:questionnaire:1">
-      <ocil:title>Require Authentication for Emergency Systemd Target</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-kernel_config_unmap_kernel_at_el0_ocil:questionnaire:1">
+      <ocil:title>Unmap kernel when running in userspace (aka KAISER)</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-require_emergency_target_auth_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-kernel_config_unmap_kernel_at_el0_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-package_pcsc-lite_installed_ocil:questionnaire:1">
-      <ocil:title>Install the pcsc-lite package</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-kernel_config_module_sig_force_ocil:questionnaire:1">
+      <ocil:title>Require modules to be validly signed</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-package_pcsc-lite_installed_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-kernel_config_module_sig_force_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-accounts_password_pam_pwhistory_remember_system_auth_ocil:questionnaire:1">
-      <ocil:title>Limit Password Reuse: system-auth</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-require_singleuser_auth_ocil:questionnaire:1">
+      <ocil:title>Require Authentication for Single User Mode</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-accounts_password_pam_pwhistory_remember_system_auth_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-require_singleuser_auth_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-libreswan_approved_tunnels_ocil:questionnaire:1">
-      <ocil:title>Verify Any Configured IPSec Tunnel Connections</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sebool_daemons_use_tcp_wrapper_ocil:questionnaire:1">
+      <ocil:title>Disable the daemons_use_tcp_wrapper SELinux Boolean</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-libreswan_approved_tunnels_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sebool_daemons_use_tcp_wrapper_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sysctl_net_ipv4_conf_all_accept_source_route_ocil:questionnaire:1">
-      <ocil:title>Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-file_permissions_sshd_private_key_ocil:questionnaire:1">
+      <ocil:title>Verify Permissions on SSH Server Private *_key Key Files</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_accept_source_route_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-file_permissions_sshd_private_key_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-directory_access_var_log_audit_ocil:questionnaire:1">
-      <ocil:title>Record Access Events to Audit Log Directory</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-harden_ssh_client_crypto_policy_ocil:questionnaire:1">
+      <ocil:title>Harden SSH client Crypto Policy</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-directory_access_var_log_audit_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-harden_ssh_client_crypto_policy_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-auditd_data_retention_action_mail_acct_ocil:questionnaire:1">
-      <ocil:title>Configure auditd mail_acct Action on Low Disk Space</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-accounts_no_uid_except_zero_ocil:questionnaire:1">
+      <ocil:title>Verify Only Root Has UID 0</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-auditd_data_retention_action_mail_acct_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-accounts_no_uid_except_zero_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-auditd_data_retention_space_left_ocil:questionnaire:1">
-      <ocil:title>Configure auditd space_left on Low Disk Space</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sebool_fips_mode_ocil:questionnaire:1">
+      <ocil:title>Enable the fips_mode SELinux Boolean</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-auditd_data_retention_space_left_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sebool_fips_mode_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-rsyslog_encrypt_offload_actionsendstreamdriverauthmode_ocil:questionnaire:1">
-      <ocil:title>Ensure Rsyslog Authenticates Off-Loaded Audit Records</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-coreos_enable_selinux_kernel_argument_ocil:questionnaire:1">
+      <ocil:title>Ensure SELinux Not Disabled in the kernel arguments</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-rsyslog_encrypt_offload_actionsendstreamdriverauthmode_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-coreos_enable_selinux_kernel_argument_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-file_owner_etc_group_ocil:questionnaire:1">
-      <ocil:title>Verify User Who Owns group File</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-auditd_audispd_encrypt_sent_records_ocil:questionnaire:1">
+      <ocil:title>Encrypt Audit Records Sent With audispd Plugin</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-file_owner_etc_group_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-auditd_audispd_encrypt_sent_records_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-no_password_auth_for_systemaccounts_ocil:questionnaire:1">
-      <ocil:title>Ensure that System Accounts Are Locked</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-file_groupowner_sshd_config_ocil:questionnaire:1">
+      <ocil:title>Verify Group Who Owns SSH Server config file</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-no_password_auth_for_systemaccounts_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-file_groupowner_sshd_config_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_privileged_commands_unix_chkpwd_ocil:questionnaire:1">
-      <ocil:title>Ensure auditd Collects Information on the Use of Privileged Commands - unix_chkpwd</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-audit_rules_kernel_module_loading_delete_ocil:questionnaire:1">
+      <ocil:title>Ensure auditd Collects Information on Kernel Module Unloading - delete_module</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-audit_rules_privileged_commands_unix_chkpwd_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-audit_rules_kernel_module_loading_delete_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-file_permissions_backup_etc_passwd_ocil:questionnaire:1">
-      <ocil:title>Verify Permissions on Backup passwd File</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sebool_gpg_web_anon_write_ocil:questionnaire:1">
+      <ocil:title>Disable the gpg_web_anon_write SELinux Boolean</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-file_permissions_backup_etc_passwd_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sebool_gpg_web_anon_write_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_mac_modification_ocil:questionnaire:1">
-      <ocil:title>Record Events that Modify the System's Mandatory Access Controls</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-audit_rules_dac_modification_fchownat_ocil:questionnaire:1">
+      <ocil:title>Record Events that Modify the System's Discretionary Access Controls - fchownat</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-audit_rules_mac_modification_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_fchownat_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-set_password_hashing_algorithm_logindefs_ocil:questionnaire:1">
-      <ocil:title>Set Password Hashing Algorithm in /etc/login.defs</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-audit_rules_successful_file_modification_removexattr_ocil:questionnaire:1">
+      <ocil:title>Record Successful Permission Changes to Files - removexattr</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-set_password_hashing_algorithm_logindefs_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-audit_rules_successful_file_modification_removexattr_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sshd_disable_compression_ocil:questionnaire:1">
-      <ocil:title>Disable Compression Or Set Compression to delayed</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-aide_scan_notification_ocil:questionnaire:1">
+      <ocil:title>Configure Notification of Post-AIDE Scan Details</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sshd_disable_compression_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-aide_scan_notification_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-file_owner_var_log_ocil:questionnaire:1">
-      <ocil:title>Verify User Who Owns /var/log Directory</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-directory_access_var_log_audit_ocil:questionnaire:1">
+      <ocil:title>Record Access Events to Audit Log Directory</ocil:title>
       <ocil:actions>
/usr/share/xml/scap/ssg/content/ssg-rhv4-xccdf.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-rhv4-xccdf.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-rhv4-xccdf.xml	2022-07-15 00:00:00.000000000 +0000
@@ -43,14 +43,19 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.1:rear-matter>
   <cpe-lang:platform-specification>
-    <cpe-lang:platform id="audit">
+    <cpe-lang:platform id="uefi">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:audit"/>
+        <cpe-lang:fact-ref name="cpe:/a:uefi"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="pam">
+    <cpe-lang:platform id="systemd">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:pam"/>
+        <cpe-lang:fact-ref name="cpe:/a:systemd"/>
+      </cpe-lang:logical-test>
+    </cpe-lang:platform>
+    <cpe-lang:platform id="grub2">
+      <cpe-lang:logical-test operator="AND" negate="false">
+        <cpe-lang:fact-ref name="cpe:/a:grub2"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="yum">
@@ -58,29 +63,40 @@
         <cpe-lang:fact-ref name="cpe:/a:yum"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="tftp-server">
+    <cpe-lang:platform id="aarch64_arch">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:tftp-server"/>
+        <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="sssd">
+    <cpe-lang:platform id="polkit">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+        <cpe-lang:fact-ref name="cpe:/a:polkit"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="nss-pam-ldapd">
+    <cpe-lang:platform id="chrony">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:nss-pam-ldapd"/>
+        <cpe-lang:fact-ref name="cpe:/a:chrony"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="polkit">
+    <cpe-lang:platform id="libuser">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:polkit"/>
+        <cpe-lang:fact-ref name="cpe:/a:libuser"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="grub2">
+    <cpe-lang:platform id="login_defs">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:grub2"/>
+        <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+      </cpe-lang:logical-test>
+    </cpe-lang:platform>
+    <cpe-lang:platform id="sssd">
+      <cpe-lang:logical-test operator="AND" negate="false">
+        <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+      </cpe-lang:logical-test>
+    </cpe-lang:platform>
+    <cpe-lang:platform id="chrony_or_ntp">
+      <cpe-lang:logical-test operator="OR" negate="false">
+        <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+        <cpe-lang:fact-ref name="cpe:/a:ntp"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="wifi-iface">
@@ -88,29 +104,29 @@
         <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="aarch64_arch">
+    <cpe-lang:platform id="postfix">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
+        <cpe-lang:fact-ref name="cpe:/a:postfix"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="non-uefi">
+    <cpe-lang:platform id="nss-pam-ldapd">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+        <cpe-lang:fact-ref name="cpe:/a:nss-pam-ldapd"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="chrony">
+    <cpe-lang:platform id="ntp">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+        <cpe-lang:fact-ref name="cpe:/a:ntp"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="postfix">
+    <cpe-lang:platform id="pam">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:postfix"/>
+        <cpe-lang:fact-ref name="cpe:/a:pam"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="uefi">
+    <cpe-lang:platform id="audit">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+        <cpe-lang:fact-ref name="cpe:/a:audit"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="machine_and_chrony_or_ntp">
@@ -122,14 +138,9 @@
         <cpe-lang:fact-ref name="cpe:/a:machine"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="libuser">
-      <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:libuser"/>
-      </cpe-lang:logical-test>
-    </cpe-lang:platform>
-    <cpe-lang:platform id="sudo">
+    <cpe-lang:platform id="gdm">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+        <cpe-lang:fact-ref name="cpe:/a:gdm"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="machine">
@@ -137,40 +148,29 @@
         <cpe-lang:fact-ref name="cpe:/a:machine"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="s390x_arch">
-      <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
-      </cpe-lang:logical-test>
-    </cpe-lang:platform>
-    <cpe-lang:platform id="chrony_or_ntp">
-      <cpe-lang:logical-test operator="OR" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:chrony"/>
-        <cpe-lang:fact-ref name="cpe:/a:ntp"/>
-      </cpe-lang:logical-test>
-    </cpe-lang:platform>
-    <cpe-lang:platform id="login_defs">
+    <cpe-lang:platform id="sudo">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+        <cpe-lang:fact-ref name="cpe:/a:sudo"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="systemd">
+    <cpe-lang:platform id="s390x_arch">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:systemd"/>
+        <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="ntp">
+    <cpe-lang:platform id="not_s390x_arch">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+        <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="not_s390x_arch">
+    <cpe-lang:platform id="tftp-server">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
+        <cpe-lang:fact-ref name="cpe:/a:tftp-server"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="gdm">
+    <cpe-lang:platform id="non-uefi">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:gdm"/>
+        <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
   </cpe-lang:platform-specification>
@@ -2581,11 +2581,6 @@
               <xccdf-1.1:fix system="urn:redhat:anaconda:pre" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
 package --add=aide
 </xccdf-1.1:fix>
-              <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_aide_installed">
-[[packages]]
-name = "aide"
-version = "*"
-</xccdf-1.1:fix>
               <xccdf-1.1:fix system="urn:xccdf:fix:script:puppet" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_aide
 
 class install_aide {
@@ -2594,6 +2589,11 @@
   }
 }
/usr/share/xml/scap/ssg/content/ssg-sl7-ds-1.2.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-sl7-ds-1.2.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-sl7-ds-1.2.xml	2022-07-15 00:00:00.000000000 +0000
@@ -205,14 +205,19 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.2:rear-matter>
       <cpe-lang:platform-specification>
-        <cpe-lang:platform id="audit">
+        <cpe-lang:platform id="uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:audit"/>
+            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="pam">
+        <cpe-lang:platform id="systemd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:pam"/>
+            <cpe-lang:fact-ref name="cpe:/a:systemd"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="grub2">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="yum">
@@ -220,29 +225,40 @@
             <cpe-lang:fact-ref name="cpe:/a:yum"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="tftp-server">
+        <cpe-lang:platform id="aarch64_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:tftp-server"/>
+            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sssd">
+        <cpe-lang:platform id="polkit">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+            <cpe-lang:fact-ref name="cpe:/a:polkit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="nss-pam-ldapd">
+        <cpe-lang:platform id="chrony">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:nss-pam-ldapd"/>
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="polkit">
+        <cpe-lang:platform id="libuser">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:polkit"/>
+            <cpe-lang:fact-ref name="cpe:/a:libuser"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="grub2">
+        <cpe-lang:platform id="login_defs">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
+            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="sssd">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="chrony_or_ntp">
+          <cpe-lang:logical-test operator="OR" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="wifi-iface">
@@ -250,34 +266,34 @@
             <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sssd-ldap">
+        <cpe-lang:platform id="postfix">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sssd-ldap"/>
+            <cpe-lang:fact-ref name="cpe:/a:postfix"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="aarch64_arch">
+        <cpe-lang:platform id="nss-pam-ldapd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:nss-pam-ldapd"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="non-uefi">
+        <cpe-lang:platform id="ntp">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="chrony">
+        <cpe-lang:platform id="sssd-ldap">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:sssd-ldap"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="postfix">
+        <cpe-lang:platform id="pam">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:postfix"/>
+            <cpe-lang:fact-ref name="cpe:/a:pam"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="uefi">
+        <cpe-lang:platform id="audit">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:audit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="machine_and_chrony_or_ntp">
@@ -289,14 +305,9 @@
             <cpe-lang:fact-ref name="cpe:/a:machine"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="libuser">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:libuser"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="sudo">
+        <cpe-lang:platform id="gdm">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="machine">
@@ -304,20 +315,9 @@
             <cpe-lang:fact-ref name="cpe:/a:machine"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="s390x_arch">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="chrony_or_ntp">
-          <cpe-lang:logical-test operator="OR" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="login_defs">
+        <cpe-lang:platform id="sudo">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="net-snmp">
@@ -325,24 +325,24 @@
             <cpe-lang:fact-ref name="cpe:/a:net-snmp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="systemd">
+        <cpe-lang:platform id="s390x_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:systemd"/>
+            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="ntp">
+        <cpe-lang:platform id="not_s390x_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+            <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="not_s390x_arch">
+        <cpe-lang:platform id="tftp-server">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:tftp-server"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="gdm">
+        <cpe-lang:platform id="non-uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
+            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
       </cpe-lang:platform-specification>
@@ -2215,11 +2215,6 @@
                   <xccdf-1.2:fix system="urn:redhat:anaconda:pre" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
 package --add=aide
/usr/share/xml/scap/ssg/content/ssg-sl7-ds.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-sl7-ds.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-sl7-ds.xml	2022-07-15 00:00:00.000000000 +0000
@@ -207,14 +207,19 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.2:rear-matter>
       <cpe-lang:platform-specification>
-        <cpe-lang:platform id="audit">
+        <cpe-lang:platform id="uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:audit"/>
+            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="pam">
+        <cpe-lang:platform id="systemd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:pam"/>
+            <cpe-lang:fact-ref name="cpe:/a:systemd"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="grub2">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="yum">
@@ -222,29 +227,40 @@
             <cpe-lang:fact-ref name="cpe:/a:yum"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="tftp-server">
+        <cpe-lang:platform id="aarch64_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:tftp-server"/>
+            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sssd">
+        <cpe-lang:platform id="polkit">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+            <cpe-lang:fact-ref name="cpe:/a:polkit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="nss-pam-ldapd">
+        <cpe-lang:platform id="chrony">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:nss-pam-ldapd"/>
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="polkit">
+        <cpe-lang:platform id="libuser">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:polkit"/>
+            <cpe-lang:fact-ref name="cpe:/a:libuser"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="grub2">
+        <cpe-lang:platform id="login_defs">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:grub2"/>
+            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="sssd">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="chrony_or_ntp">
+          <cpe-lang:logical-test operator="OR" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="wifi-iface">
@@ -252,34 +268,34 @@
             <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sssd-ldap">
+        <cpe-lang:platform id="postfix">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sssd-ldap"/>
+            <cpe-lang:fact-ref name="cpe:/a:postfix"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="aarch64_arch">
+        <cpe-lang:platform id="nss-pam-ldapd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:nss-pam-ldapd"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="non-uefi">
+        <cpe-lang:platform id="ntp">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="chrony">
+        <cpe-lang:platform id="sssd-ldap">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:sssd-ldap"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="postfix">
+        <cpe-lang:platform id="pam">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:postfix"/>
+            <cpe-lang:fact-ref name="cpe:/a:pam"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="uefi">
+        <cpe-lang:platform id="audit">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:audit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="machine_and_chrony_or_ntp">
@@ -291,14 +307,9 @@
             <cpe-lang:fact-ref name="cpe:/a:machine"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="libuser">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:libuser"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="sudo">
+        <cpe-lang:platform id="gdm">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="machine">
@@ -306,20 +317,9 @@
             <cpe-lang:fact-ref name="cpe:/a:machine"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="s390x_arch">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="chrony_or_ntp">
-          <cpe-lang:logical-test operator="OR" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="login_defs">
+        <cpe-lang:platform id="sudo">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="net-snmp">
@@ -327,24 +327,24 @@
             <cpe-lang:fact-ref name="cpe:/a:net-snmp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="systemd">
+        <cpe-lang:platform id="s390x_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:systemd"/>
+            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="ntp">
+        <cpe-lang:platform id="not_s390x_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+            <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="not_s390x_arch">
+        <cpe-lang:platform id="tftp-server">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:tftp-server"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="gdm">
+        <cpe-lang:platform id="non-uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
+            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
       </cpe-lang:platform-specification>
@@ -2217,11 +2217,6 @@
                   <xccdf-1.2:fix system="urn:redhat:anaconda:pre" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
 package --add=aide
/usr/share/xml/scap/ssg/content/ssg-sl7-xccdf.xml differs (ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-sl7-xccdf.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-sl7-xccdf.xml	2022-07-15 00:00:00.000000000 +0000
@@ -51,14 +51,19 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.1:rear-matter>
   <cpe-lang:platform-specification>
-    <cpe-lang:platform id="audit">
+    <cpe-lang:platform id="uefi">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:audit" />
+        <cpe-lang:fact-ref name="cpe:/a:uefi" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="pam">
+    <cpe-lang:platform id="systemd">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:pam" />
+        <cpe-lang:fact-ref name="cpe:/a:systemd" />
+      </cpe-lang:logical-test>
+    </cpe-lang:platform>
+    <cpe-lang:platform id="grub2">
+      <cpe-lang:logical-test operator="AND" negate="false">
+        <cpe-lang:fact-ref name="cpe:/a:grub2" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="yum">
@@ -66,29 +71,40 @@
         <cpe-lang:fact-ref name="cpe:/a:yum" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="tftp-server">
+    <cpe-lang:platform id="aarch64_arch">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:tftp-server" />
+        <cpe-lang:fact-ref name="cpe:/a:aarch64_arch" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="sssd">
+    <cpe-lang:platform id="polkit">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:sssd" />
+        <cpe-lang:fact-ref name="cpe:/a:polkit" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="nss-pam-ldapd">
+    <cpe-lang:platform id="chrony">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:nss-pam-ldapd" />
+        <cpe-lang:fact-ref name="cpe:/a:chrony" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="polkit">
+    <cpe-lang:platform id="libuser">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:polkit" />
+        <cpe-lang:fact-ref name="cpe:/a:libuser" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="grub2">
+    <cpe-lang:platform id="login_defs">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:grub2" />
+        <cpe-lang:fact-ref name="cpe:/a:login_defs" />
+      </cpe-lang:logical-test>
+    </cpe-lang:platform>
+    <cpe-lang:platform id="sssd">
+      <cpe-lang:logical-test operator="AND" negate="false">
+        <cpe-lang:fact-ref name="cpe:/a:sssd" />
+      </cpe-lang:logical-test>
+    </cpe-lang:platform>
+    <cpe-lang:platform id="chrony_or_ntp">
+      <cpe-lang:logical-test operator="OR" negate="false">
+        <cpe-lang:fact-ref name="cpe:/a:chrony" />
+        <cpe-lang:fact-ref name="cpe:/a:ntp" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="wifi-iface">
@@ -96,34 +112,34 @@
         <cpe-lang:fact-ref name="cpe:/a:wifi-iface" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="sssd-ldap">
+    <cpe-lang:platform id="postfix">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:sssd-ldap" />
+        <cpe-lang:fact-ref name="cpe:/a:postfix" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="aarch64_arch">
+    <cpe-lang:platform id="nss-pam-ldapd">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:aarch64_arch" />
+        <cpe-lang:fact-ref name="cpe:/a:nss-pam-ldapd" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="non-uefi">
+    <cpe-lang:platform id="ntp">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:non-uefi" />
+        <cpe-lang:fact-ref name="cpe:/a:ntp" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="chrony">
+    <cpe-lang:platform id="sssd-ldap">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:chrony" />
+        <cpe-lang:fact-ref name="cpe:/a:sssd-ldap" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="postfix">
+    <cpe-lang:platform id="pam">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:postfix" />
+        <cpe-lang:fact-ref name="cpe:/a:pam" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="uefi">
+    <cpe-lang:platform id="audit">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:uefi" />
+        <cpe-lang:fact-ref name="cpe:/a:audit" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="machine_and_chrony_or_ntp">
@@ -135,14 +151,9 @@
         <cpe-lang:fact-ref name="cpe:/a:machine" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="libuser">
-      <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:libuser" />
-      </cpe-lang:logical-test>
-    </cpe-lang:platform>
-    <cpe-lang:platform id="sudo">
+    <cpe-lang:platform id="gdm">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:sudo" />
+        <cpe-lang:fact-ref name="cpe:/a:gdm" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="machine">
@@ -150,20 +161,9 @@
         <cpe-lang:fact-ref name="cpe:/a:machine" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="s390x_arch">
-      <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:s390x_arch" />
-      </cpe-lang:logical-test>
-    </cpe-lang:platform>
-    <cpe-lang:platform id="chrony_or_ntp">
-      <cpe-lang:logical-test operator="OR" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:chrony" />
-        <cpe-lang:fact-ref name="cpe:/a:ntp" />
-      </cpe-lang:logical-test>
-    </cpe-lang:platform>
-    <cpe-lang:platform id="login_defs">
+    <cpe-lang:platform id="sudo">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:login_defs" />
+        <cpe-lang:fact-ref name="cpe:/a:sudo" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="net-snmp">
@@ -171,24 +171,24 @@
         <cpe-lang:fact-ref name="cpe:/a:net-snmp" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="systemd">
+    <cpe-lang:platform id="s390x_arch">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:systemd" />
+        <cpe-lang:fact-ref name="cpe:/a:s390x_arch" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="ntp">
+    <cpe-lang:platform id="not_s390x_arch">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:ntp" />
+        <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="not_s390x_arch">
+    <cpe-lang:platform id="tftp-server">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch" />
+        <cpe-lang:fact-ref name="cpe:/a:tftp-server" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="gdm">
+    <cpe-lang:platform id="non-uefi">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:gdm" />
+        <cpe-lang:fact-ref name="cpe:/a:non-uefi" />
       </cpe-lang:logical-test>
     </cpe-lang:platform>
   </cpe-lang:platform-specification>
@@ -2061,11 +2061,6 @@
               <xccdf-1.1:fix system="urn:redhat:anaconda:pre" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
 package --add=aide
RPMS.2017/scap-security-guide-ubuntu-0.1.62-0.0.noarch.rpm RPMS/scap-security-guide-ubuntu-0.1.62-0.0.noarch.rpm differ: byte 225, line 1
Comparing scap-security-guide-ubuntu-0.1.62-0.0.noarch.rpm to scap-security-guide-ubuntu-0.1.62-0.0.noarch.rpm
comparing the rpm tags of scap-security-guide-ubuntu
--- old-rpm-tags
+++ new-rpm-tags
@@ -172,2 +172,2 @@
-/usr/share/doc/scap-security-guide/guides/ssg-ubuntu1604-guide-anssi_np_nt28_average.html e2108f93bd332282cdba725b0acdefcfecc0dd1668d9c3fa0aaa226cd614557d 2
-/usr/share/doc/scap-security-guide/guides/ssg-ubuntu1604-guide-anssi_np_nt28_high.html 247af379480e7eaf62af0e76e6e558280e538df0961f945dc19a9510395a33bc 2
+/usr/share/doc/scap-security-guide/guides/ssg-ubuntu1604-guide-anssi_np_nt28_average.html cda2f2859c4bc6c311fc7c868ba1dbbfce4856049ed5f8397ff7d643cd416006 2
+/usr/share/doc/scap-security-guide/guides/ssg-ubuntu1604-guide-anssi_np_nt28_high.html 4f681196fe9190a07e3a17a4ce3bab914d8fce51079605ab7937d58b267fd426 2
@@ -175 +175 @@
-/usr/share/doc/scap-security-guide/guides/ssg-ubuntu1604-guide-anssi_np_nt28_restrictive.html ce7a8e3feb7403ce473b4a01326262d10fd58ced71623bacbe27ce4188ce8362 2
+/usr/share/doc/scap-security-guide/guides/ssg-ubuntu1604-guide-anssi_np_nt28_restrictive.html dab49d83dbc736ea437d0b99b76f19eb0e16a8c878718ac33d378cb7bd880a54 2
@@ -177,3 +177,3 @@
-/usr/share/doc/scap-security-guide/guides/ssg-ubuntu1604-guide-standard.html 3ed602eaf64c8ec22cef71b4f36f89d50a17747dc3cce6ffd66cea8c44641d18 2
-/usr/share/doc/scap-security-guide/guides/ssg-ubuntu1804-guide-anssi_np_nt28_average.html 37752a39d863cee00fd0696c37f6c0d16eae23f0edfcd8b43b012e68fcea7c87 2
-/usr/share/doc/scap-security-guide/guides/ssg-ubuntu1804-guide-anssi_np_nt28_high.html 1904778813ebefd1353fdc951cc515a76d7b761f2235d0be93859b15be87dde2 2
+/usr/share/doc/scap-security-guide/guides/ssg-ubuntu1604-guide-standard.html 30dcef06318a5a27af8c910dcbb7cc2fd81abdf4a2bcb352d4c1fd9abb915d9a 2
+/usr/share/doc/scap-security-guide/guides/ssg-ubuntu1804-guide-anssi_np_nt28_average.html 7f2d2de8512de06ff608d232a03c4c6b8f04c73ee780353af2449a8c5105a9f6 2
+/usr/share/doc/scap-security-guide/guides/ssg-ubuntu1804-guide-anssi_np_nt28_high.html b65ab093755071461a4559a6d19aa1177a7780b6e8783236637e8ab5f7febce9 2
@@ -181,2 +181,2 @@
-/usr/share/doc/scap-security-guide/guides/ssg-ubuntu1804-guide-anssi_np_nt28_restrictive.html 016b5b196066fd54d9877a3114dbdbb4779926afe7e8473e6f9b242e6a75cf2a 2
-/usr/share/doc/scap-security-guide/guides/ssg-ubuntu1804-guide-cis.html f40302cc9e2f0fb0816bef3765b9be6bea281b0b698b4ee9745a7f0f85479161 2
+/usr/share/doc/scap-security-guide/guides/ssg-ubuntu1804-guide-anssi_np_nt28_restrictive.html cfddb3053e98efd391b9a227e395a0cb60ef3f670bd0f464223289b5e8dc5b10 2
+/usr/share/doc/scap-security-guide/guides/ssg-ubuntu1804-guide-cis.html 2c4f9c857a52712b2006e25c99ba92221fe8f6ee2c7fd183e701ea7f5db02f36 2
@@ -184,5 +184,5 @@
-/usr/share/doc/scap-security-guide/guides/ssg-ubuntu1804-guide-standard.html 0ec8434e0754d08104f5d80e2051c055e311b0302dd8bdd81c9820a53409c33d 2
-/usr/share/doc/scap-security-guide/guides/ssg-ubuntu2004-guide-cis_level1_server.html f350ff10b859a72970932d74a35f685235a0baccbdaa63b85ced9dc1a360f9dc 2
-/usr/share/doc/scap-security-guide/guides/ssg-ubuntu2004-guide-cis_level1_workstation.html c7d64f5371c15ffa793adf507ffdf40367c5ad2e4127a952c4c47450cb754910 2
-/usr/share/doc/scap-security-guide/guides/ssg-ubuntu2004-guide-cis_level2_server.html ffc36f45e62d55c305ac2d1abe3a996056b91897fb781e4b56a35079f65f8c4c 2
-/usr/share/doc/scap-security-guide/guides/ssg-ubuntu2004-guide-cis_level2_workstation.html acf4d34fd6ed26de194ed03583541641f74eaf3069a9b26a84bf87baeff4dc5c 2
+/usr/share/doc/scap-security-guide/guides/ssg-ubuntu1804-guide-standard.html 22d8cc31626706cf8390d885aad640aa167913c82dc4fb23ad1aabf49b33e32c 2
+/usr/share/doc/scap-security-guide/guides/ssg-ubuntu2004-guide-cis_level1_server.html 1d0893c2639c2593f78bc06dc9eafcd52b5251723b32377d6429f0d32f2a2ec0 2
+/usr/share/doc/scap-security-guide/guides/ssg-ubuntu2004-guide-cis_level1_workstation.html 9bb4ef088f6d8bb3af2b33e755a1a7c7225ae71265545f64ee1396e6552a0d5c 2
+/usr/share/doc/scap-security-guide/guides/ssg-ubuntu2004-guide-cis_level2_server.html 3d9c718ef4b08238b2675412bd4ac295ddf8932de7e683b6fe6f8d7ff1c66dbf 2
+/usr/share/doc/scap-security-guide/guides/ssg-ubuntu2004-guide-cis_level2_workstation.html f7204603bd4520d817f679a9387f6f06c480dad2640a36adb69487c0aac3fbfe 2
@@ -190,2 +190,2 @@
-/usr/share/doc/scap-security-guide/guides/ssg-ubuntu2004-guide-standard.html fc8e88f93e873cdca69985283dd57186422c7b937eedbb74a08634deec11276a 2
-/usr/share/doc/scap-security-guide/guides/ssg-ubuntu2004-guide-stig.html 5922af5c78790d53ac80a4ee2056c9e90895ccc0989b203bc2e5fbabc756d820 2
+/usr/share/doc/scap-security-guide/guides/ssg-ubuntu2004-guide-standard.html 10cfd3e20809494ff92f8b6e89772ef44cf600a9f75055266ab4da1b64bcf377 2
+/usr/share/doc/scap-security-guide/guides/ssg-ubuntu2004-guide-stig.html e9787ae127efbde34c11833cf8f69a1c7d7ca79b721f40b97cb406c2f3e129dc 2
@@ -238,3 +238,3 @@
-/usr/share/xml/scap/ssg/content/ssg-ubuntu1604-ds-1.2.xml a5f67034e447bd695b763fafe9a7c9a25473b73011aab689e0e480c4010fd6d1 0
-/usr/share/xml/scap/ssg/content/ssg-ubuntu1604-ds.xml 9c98c1230a074b007166437437afa64d660d7ca20fb8af75868eb486f509ae3c 0
-/usr/share/xml/scap/ssg/content/ssg-ubuntu1604-ocil.xml 7ff97d17f48e0cd45ddd2923b9c838347c3d35557f72f2b56385b52daaec8502 0
+/usr/share/xml/scap/ssg/content/ssg-ubuntu1604-ds-1.2.xml 8eb1f1cb7e5430bef8f6a458ad4896963b02ab41550d21bb215d49db2bef9ff3 0
+/usr/share/xml/scap/ssg/content/ssg-ubuntu1604-ds.xml b0f78c963faa41359bb20a1c915a3763af76b088538073da1ce54c63bc78528d 0
+/usr/share/xml/scap/ssg/content/ssg-ubuntu1604-ocil.xml 5c2eb15f32c9ad1194c87831d8376e6cfb7b92046dc71538dcffe76075766fc7 0
@@ -242 +242 @@
-/usr/share/xml/scap/ssg/content/ssg-ubuntu1604-xccdf.xml 426a9a85170ed4bc953ab6b900fba953fce04b81b82f8e2d8cb9a5fd20b893ae 0
+/usr/share/xml/scap/ssg/content/ssg-ubuntu1604-xccdf.xml 7ea3cfc0bc57ac0d0ab35764516b3eeca94851d48e2a15154fa1db332ea10853 0
@@ -245,3 +245,3 @@
-/usr/share/xml/scap/ssg/content/ssg-ubuntu1804-ds-1.2.xml dda235899102ffaef96184f7c9a56718c0f4d4f9866a9c478dff137f6ef11ac5 0
-/usr/share/xml/scap/ssg/content/ssg-ubuntu1804-ds.xml 2ce456f22d09f6d64fd5fe73d5e45fb3d27d1cf197f45c2c6b098b69028f2c4b 0
-/usr/share/xml/scap/ssg/content/ssg-ubuntu1804-ocil.xml 565ce0d9ed3e42df97adfd622ed2af793b9ae80f8aaa8d774494d966cca4d712 0
+/usr/share/xml/scap/ssg/content/ssg-ubuntu1804-ds-1.2.xml 72e567eb7cbe2a122fc7fa49b2c2971e275b85bf320baa183b5a4f36e582d99f 0
+/usr/share/xml/scap/ssg/content/ssg-ubuntu1804-ds.xml 921abc0aeb8dcd9af9a489c8bffab935ad1118e0c371a7e200000c9a24a82d6c 0
+/usr/share/xml/scap/ssg/content/ssg-ubuntu1804-ocil.xml ded128d04ce7c78bc56a15e3cfa059184eb9e8327fe3a38beff9ea2f2e16f916 0
@@ -249 +249 @@
-/usr/share/xml/scap/ssg/content/ssg-ubuntu1804-xccdf.xml f554ca647c5eb829fe5877937a871ab043d11ad447f723e02eb8998deac1ccb0 0
+/usr/share/xml/scap/ssg/content/ssg-ubuntu1804-xccdf.xml 80a2afe754a935ff503fd2cd97fafbd2367dad092011010456ac60ef9d7261cc 0
@@ -252,3 +252,3 @@
-/usr/share/xml/scap/ssg/content/ssg-ubuntu2004-ds-1.2.xml 78339add0c9f9ae8060aa0924ccdb6688bf893b043acca3301cd08bb0ddc235b 0
-/usr/share/xml/scap/ssg/content/ssg-ubuntu2004-ds.xml ef1827a3cdae08d7833e9e68d0a0921f88dbd65f822a573f58a6e3c1a01abd34 0
-/usr/share/xml/scap/ssg/content/ssg-ubuntu2004-ocil.xml 1dacba94f8b4a1dde08c1009143bf8f35469b774f4fa687dbf360d81c02931ce 0
+/usr/share/xml/scap/ssg/content/ssg-ubuntu2004-ds-1.2.xml 91ba253d3325f20ea82cd7ec42089e0d3be9cf9c16a955a68d34f1b2956823cf 0
+/usr/share/xml/scap/ssg/content/ssg-ubuntu2004-ds.xml 05776ca11a3a00e014f1179c2ac730d9f697d63c751da43381698031b833629a 0
+/usr/share/xml/scap/ssg/content/ssg-ubuntu2004-ocil.xml 5767fe565a737011d956858cd3d140b75ba0a5e1818466808733ba011e3a9fef 0
@@ -256 +256 @@
-/usr/share/xml/scap/ssg/content/ssg-ubuntu2004-xccdf.xml 8f32937955d450a8670e1c5ed4ed705b88352d49d6d13cd7a70e1bc08277bd23 0
+/usr/share/xml/scap/ssg/content/ssg-ubuntu2004-xccdf.xml e1e1ea7d9e54188339e3cb125c442d57e2eacea05811de745bebb4ce256d5c78 0
comparing rpmtags
comparing RELEASE
comparing PROVIDES
comparing scripts
comparing filelist
comparing file checksum
creating rename script
RPM file checksum differs.
Extracting packages
/usr/share/doc/scap-security-guide/guides/ssg-ubuntu1604-guide-anssi_np_nt28_average.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-ubuntu1604-guide-anssi_np_nt28_average.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-ubuntu1604-guide-anssi_np_nt28_average.html	2022-07-15 00:00:00.000000000 +0000
@@ -1749,17 +1749,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id95" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id95"><pre><code>
-[[packages]]
-name = "ntp"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id96" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id96"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_ntp
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id95" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id95"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_ntp
 
 class install_ntp {
   package { 'ntp':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id96" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id96"><pre><code>
+[[packages]]
+name = "ntp"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id97" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id97"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure ntp is installed
   package:
     name: ntp
/usr/share/doc/scap-security-guide/guides/ssg-ubuntu1604-guide-anssi_np_nt28_high.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-ubuntu1604-guide-anssi_np_nt28_high.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-ubuntu1604-guide-anssi_np_nt28_high.html	2022-07-15 00:00:00.000000000 +0000
@@ -362,17 +362,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><pre><code>
-[[packages]]
-name = "auditd"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_auditd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_auditd
 
 class install_auditd {
   package { 'auditd':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><pre><code>
+[[packages]]
+name = "auditd"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id21" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id21"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure auditd is installed
   package:
     name: auditd
@@ -418,10 +418,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id24" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id24"><pre><code>
-[customizations.services]
-enabled = ["auditd"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id25"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id24" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id24"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
 
 class enable_auditd {
   service {'auditd':
@@ -429,6 +426,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id25"><pre><code>
+[customizations.services]
+enabled = ["auditd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
@@ -1797,17 +1797,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id88" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id88"><pre><code>
-[[packages]]
-name = "cron"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id89" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id89"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_cron
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id88" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id88"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_cron
 
 class install_cron {
   package { 'cron':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id89" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id89"><pre><code>
+[[packages]]
+name = "cron"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id90" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id90"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure cron is installed
   package:
     name: cron
@@ -2055,17 +2055,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id113" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id113"><pre><code>
-[[packages]]
-name = "ntp"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id114" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id114"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_ntp
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id113" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id113"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_ntp
 
 class install_ntp {
   package { 'ntp':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id114" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id114"><pre><code>
+[[packages]]
+name = "ntp"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id115" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id115"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure ntp is installed
   package:
     name: ntp
@@ -2105,10 +2105,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id118" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id118"><pre><code>
-[customizations.services]
-enabled = ["ntp"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id119" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id119"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_ntp
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id118" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id118"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_ntp
 
 class enable_ntp {
   service {'ntp':
@@ -2116,6 +2113,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id119" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id119"><pre><code>
+[customizations.services]
+enabled = ["ntp"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id120" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id120"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service ntp
   block:
 
@@ -2167,10 +2167,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id123" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id123"><pre><code>
-[customizations.services]
-enabled = ["systemd-timesyncd"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id124" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id124"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_systemd-timesyncd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id123" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id123"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_systemd-timesyncd
 
 class enable_systemd-timesyncd {
   service {'systemd-timesyncd':
@@ -2178,6 +2175,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id124" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id124"><pre><code>
+[customizations.services]
+enabled = ["systemd-timesyncd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id125" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id125"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service systemd-timesyncd
   block:
 
/usr/share/doc/scap-security-guide/guides/ssg-ubuntu1604-guide-anssi_np_nt28_restrictive.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-ubuntu1604-guide-anssi_np_nt28_restrictive.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-ubuntu1604-guide-anssi_np_nt28_restrictive.html	2022-07-15 00:00:00.000000000 +0000
@@ -362,17 +362,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><pre><code>
-[[packages]]
-name = "auditd"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_auditd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_auditd
 
 class install_auditd {
   package { 'auditd':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><pre><code>
+[[packages]]
+name = "auditd"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id21" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id21"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure auditd is installed
   package:
     name: auditd
@@ -418,10 +418,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id24" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id24"><pre><code>
-[customizations.services]
-enabled = ["auditd"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id25"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id24" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id24"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
 
 class enable_auditd {
   service {'auditd':
@@ -429,6 +426,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id25"><pre><code>
+[customizations.services]
+enabled = ["auditd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
@@ -1754,17 +1754,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id85" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id85"><pre><code>
-[[packages]]
-name = "cron"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id86" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id86"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_cron
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id85" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id85"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_cron
 
 class install_cron {
   package { 'cron':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id86" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id86"><pre><code>
+[[packages]]
+name = "cron"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id87" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id87"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure cron is installed
   package:
     name: cron
@@ -2012,17 +2012,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id110" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id110"><pre><code>
-[[packages]]
-name = "ntp"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id111" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id111"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_ntp
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id110" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id110"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_ntp
 
 class install_ntp {
   package { 'ntp':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id111" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id111"><pre><code>
+[[packages]]
+name = "ntp"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id112" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id112"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure ntp is installed
   package:
     name: ntp
@@ -2062,10 +2062,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id115" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id115"><pre><code>
-[customizations.services]
-enabled = ["ntp"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id116" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id116"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_ntp
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id115" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id115"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_ntp
 
 class enable_ntp {
   service {'ntp':
@@ -2073,6 +2070,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id116" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id116"><pre><code>
+[customizations.services]
+enabled = ["ntp"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id117" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id117"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service ntp
   block:
 
@@ -2124,10 +2124,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id120" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id120"><pre><code>
-[customizations.services]
-enabled = ["systemd-timesyncd"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id121" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id121"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_systemd-timesyncd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id120" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id120"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_systemd-timesyncd
 
 class enable_systemd-timesyncd {
   service {'systemd-timesyncd':
@@ -2135,6 +2132,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id121" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id121"><pre><code>
+[customizations.services]
+enabled = ["systemd-timesyncd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id122" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id122"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service systemd-timesyncd
   block:
 
/usr/share/doc/scap-security-guide/guides/ssg-ubuntu1604-guide-standard.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-ubuntu1604-guide-standard.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-ubuntu1604-guide-standard.html	2022-07-15 00:00:00.000000000 +0000
@@ -238,17 +238,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id13" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id13"><pre><code>
-[[packages]]
-name = "auditd"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id14" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id14"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_auditd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id13" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id13"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_auditd
 
 class install_auditd {
   package { 'auditd':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id14" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id14"><pre><code>
+[[packages]]
+name = "auditd"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id15" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id15"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure auditd is installed
   package:
     name: auditd
@@ -294,10 +294,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id18" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id18"><pre><code>
-[customizations.services]
-enabled = ["auditd"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id18" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id18"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
 
 class enable_auditd {
   service {'auditd':
@@ -305,6 +302,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><pre><code>
+[customizations.services]
+enabled = ["auditd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
@@ -576,17 +576,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id29" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id29"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id30" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id30"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id29" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id29"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id30" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id30"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id31" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id31"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
@@ -618,10 +618,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id34" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id34"><pre><code>
-[customizations.services]
-enabled = ["rsyslog"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id35" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id35"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id34" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id34"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
 
 class enable_rsyslog {
   service {'rsyslog':
@@ -629,6 +626,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id35" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id35"><pre><code>
+[customizations.services]
+enabled = ["rsyslog"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id36" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id36"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service rsyslog
   block:
 
@@ -1712,17 +1712,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id88" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id88"><pre><code>
-[[packages]]
-name = "cron"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id89" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id89"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_cron
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id88" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id88"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_cron
 
 class install_cron {
   package { 'cron':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id89" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id89"><pre><code>
+[[packages]]
+name = "cron"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id90" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id90"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure cron is installed
   package:
     name: cron
@@ -1756,10 +1756,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id93" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id93"><pre><code>
-[customizations.services]
-enabled = ["cron"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id94" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id94"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_cron
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id93" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id93"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_cron
 
 class enable_cron {
   service {'cron':
@@ -1767,6 +1764,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id94" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id94"><pre><code>
+[customizations.services]
+enabled = ["cron"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id95" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id95"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service cron
   block:
 
@@ -2025,17 +2025,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id118" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id118"><pre><code>
-[[packages]]
-name = "ntp"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id119" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id119"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_ntp
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id118" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id118"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_ntp
 
 class install_ntp {
   package { 'ntp':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id119" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id119"><pre><code>
+[[packages]]
+name = "ntp"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id120" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id120"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure ntp is installed
   package:
     name: ntp
@@ -2075,10 +2075,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id123" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id123"><pre><code>
-[customizations.services]
-enabled = ["ntp"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id124" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id124"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_ntp
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id123" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id123"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_ntp
 
 class enable_ntp {
   service {'ntp':
@@ -2086,6 +2083,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id124" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id124"><pre><code>
+[customizations.services]
+enabled = ["ntp"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id125" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id125"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service ntp
   block:
 
@@ -2137,10 +2137,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id128" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id128"><pre><code>
-[customizations.services]
-enabled = ["systemd-timesyncd"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id129" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id129"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_systemd-timesyncd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id128" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id128"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_systemd-timesyncd
 
 class enable_systemd-timesyncd {
   service {'systemd-timesyncd':
@@ -2148,6 +2145,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id129" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id129"><pre><code>
+[customizations.services]
/usr/share/doc/scap-security-guide/guides/ssg-ubuntu1804-guide-anssi_np_nt28_average.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-ubuntu1804-guide-anssi_np_nt28_average.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-ubuntu1804-guide-anssi_np_nt28_average.html	2022-07-15 00:00:00.000000000 +0000
@@ -1749,17 +1749,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id96" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id96"><pre><code>
-[[packages]]
-name = "ntp"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id97" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id97"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_ntp
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id96" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id96"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_ntp
 
 class install_ntp {
   package { 'ntp':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id97" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id97"><pre><code>
+[[packages]]
+name = "ntp"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id98" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id98"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure ntp is installed
   package:
     name: ntp
/usr/share/doc/scap-security-guide/guides/ssg-ubuntu1804-guide-anssi_np_nt28_high.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-ubuntu1804-guide-anssi_np_nt28_high.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-ubuntu1804-guide-anssi_np_nt28_high.html	2022-07-15 00:00:00.000000000 +0000
@@ -362,17 +362,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><pre><code>
-[[packages]]
-name = "auditd"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id21" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id21"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_auditd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_auditd
 
 class install_auditd {
   package { 'auditd':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id21" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id21"><pre><code>
+[[packages]]
+name = "auditd"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure auditd is installed
   package:
     name: auditd
@@ -418,10 +418,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id25"><pre><code>
-[customizations.services]
-enabled = ["auditd"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id25"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
 
 class enable_auditd {
   service {'auditd':
@@ -429,6 +426,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><pre><code>
+[customizations.services]
+enabled = ["auditd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id27" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id27"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
@@ -1797,17 +1797,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id89" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id89"><pre><code>
-[[packages]]
-name = "cron"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id90" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id90"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_cron
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id89" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id89"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_cron
 
 class install_cron {
   package { 'cron':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id90" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id90"><pre><code>
+[[packages]]
+name = "cron"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id91" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id91"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure cron is installed
   package:
     name: cron
@@ -2055,17 +2055,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id114" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id114"><pre><code>
-[[packages]]
-name = "ntp"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id115" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id115"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_ntp
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id114" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id114"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_ntp
 
 class install_ntp {
   package { 'ntp':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id115" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id115"><pre><code>
+[[packages]]
+name = "ntp"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id116" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id116"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure ntp is installed
   package:
     name: ntp
@@ -2105,10 +2105,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id119" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id119"><pre><code>
-[customizations.services]
-enabled = ["ntp"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id120" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id120"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_ntp
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id119" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id119"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_ntp
 
 class enable_ntp {
   service {'ntp':
@@ -2116,6 +2113,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id120" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id120"><pre><code>
+[customizations.services]
+enabled = ["ntp"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id121" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id121"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service ntp
   block:
 
@@ -2167,10 +2167,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id124" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id124"><pre><code>
-[customizations.services]
-enabled = ["systemd-timesyncd"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id125" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id125"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_systemd-timesyncd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id124" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id124"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_systemd-timesyncd
 
 class enable_systemd-timesyncd {
   service {'systemd-timesyncd':
@@ -2178,6 +2175,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id125" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id125"><pre><code>
+[customizations.services]
+enabled = ["systemd-timesyncd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id126" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id126"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service systemd-timesyncd
   block:
 
/usr/share/doc/scap-security-guide/guides/ssg-ubuntu1804-guide-anssi_np_nt28_restrictive.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-ubuntu1804-guide-anssi_np_nt28_restrictive.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-ubuntu1804-guide-anssi_np_nt28_restrictive.html	2022-07-15 00:00:00.000000000 +0000
@@ -362,17 +362,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><pre><code>
-[[packages]]
-name = "auditd"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id21" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id21"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_auditd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_auditd
 
 class install_auditd {
   package { 'auditd':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id21" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id21"><pre><code>
+[[packages]]
+name = "auditd"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure auditd is installed
   package:
     name: auditd
@@ -418,10 +418,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id25"><pre><code>
-[customizations.services]
-enabled = ["auditd"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id25" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id25"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
 
 class enable_auditd {
   service {'auditd':
@@ -429,6 +426,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><pre><code>
+[customizations.services]
+enabled = ["auditd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id27" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id27"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
@@ -1754,17 +1754,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id86" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id86"><pre><code>
-[[packages]]
-name = "cron"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id87" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id87"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_cron
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id86" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id86"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_cron
 
 class install_cron {
   package { 'cron':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id87" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id87"><pre><code>
+[[packages]]
+name = "cron"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id88" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id88"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure cron is installed
   package:
     name: cron
@@ -2012,17 +2012,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id111" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id111"><pre><code>
-[[packages]]
-name = "ntp"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id112" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id112"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_ntp
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id111" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id111"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_ntp
 
 class install_ntp {
   package { 'ntp':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id112" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id112"><pre><code>
+[[packages]]
+name = "ntp"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id113" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id113"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure ntp is installed
   package:
     name: ntp
@@ -2062,10 +2062,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id116" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id116"><pre><code>
-[customizations.services]
-enabled = ["ntp"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id117" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id117"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_ntp
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id116" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id116"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_ntp
 
 class enable_ntp {
   service {'ntp':
@@ -2073,6 +2070,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id117" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id117"><pre><code>
+[customizations.services]
+enabled = ["ntp"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id118" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id118"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service ntp
   block:
 
@@ -2124,10 +2124,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id121" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id121"><pre><code>
-[customizations.services]
-enabled = ["systemd-timesyncd"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id122" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id122"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_systemd-timesyncd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id121" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id121"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_systemd-timesyncd
 
 class enable_systemd-timesyncd {
   service {'systemd-timesyncd':
@@ -2135,6 +2132,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id122" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id122"><pre><code>
+[customizations.services]
+enabled = ["systemd-timesyncd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id123" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id123"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service systemd-timesyncd
   block:
 
/usr/share/doc/scap-security-guide/guides/ssg-ubuntu1804-guide-cis.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-ubuntu1804-guide-cis.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-ubuntu1804-guide-cis.html	2022-07-15 00:00:00.000000000 +0000
@@ -1075,10 +1075,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id30" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id30"><pre><code>
-[customizations.services]
-enabled = ["auditd"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id31" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id31"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id30" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id30"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
 
 class enable_auditd {
   service {'auditd':
@@ -1086,6 +1083,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id31" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id31"><pre><code>
+[customizations.services]
+enabled = ["auditd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id32" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id32"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
/usr/share/doc/scap-security-guide/guides/ssg-ubuntu1804-guide-standard.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-ubuntu1804-guide-standard.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-ubuntu1804-guide-standard.html	2022-07-15 00:00:00.000000000 +0000
@@ -236,17 +236,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id14" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id14"><pre><code>
-[[packages]]
-name = "auditd"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id15" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id15"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_auditd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id14" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id14"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_auditd
 
 class install_auditd {
   package { 'auditd':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id15" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id15"><pre><code>
+[[packages]]
+name = "auditd"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id16" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id16"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure auditd is installed
   package:
     name: auditd
@@ -292,10 +292,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><pre><code>
-[customizations.services]
-enabled = ["auditd"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id19" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id19"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
 
 class enable_auditd {
   service {'auditd':
@@ -303,6 +300,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><pre><code>
+[customizations.services]
+enabled = ["auditd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id21" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id21"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
@@ -574,17 +574,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id30" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id30"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id31" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id31"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id30" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id30"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id31" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id31"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id32" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id32"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
@@ -616,10 +616,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id35" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id35"><pre><code>
-[customizations.services]
-enabled = ["rsyslog"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id36" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id36"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id35" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id35"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
 
 class enable_rsyslog {
   service {'rsyslog':
@@ -627,6 +624,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id36" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id36"><pre><code>
+[customizations.services]
+enabled = ["rsyslog"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id37" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id37"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service rsyslog
   block:
 
@@ -1710,17 +1710,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id89" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id89"><pre><code>
-[[packages]]
-name = "cron"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id90" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id90"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_cron
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id89" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id89"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_cron
 
 class install_cron {
   package { 'cron':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id90" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id90"><pre><code>
+[[packages]]
+name = "cron"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id91" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id91"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure cron is installed
   package:
     name: cron
@@ -1754,10 +1754,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id94" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id94"><pre><code>
-[customizations.services]
-enabled = ["cron"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id95" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id95"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_cron
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id94" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id94"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_cron
 
 class enable_cron {
   service {'cron':
@@ -1765,6 +1762,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id95" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id95"><pre><code>
+[customizations.services]
+enabled = ["cron"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id96" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id96"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service cron
   block:
 
@@ -2023,17 +2023,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id119" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id119"><pre><code>
-[[packages]]
-name = "ntp"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id120" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id120"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_ntp
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id119" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id119"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_ntp
 
 class install_ntp {
   package { 'ntp':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id120" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id120"><pre><code>
+[[packages]]
+name = "ntp"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id121" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id121"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure ntp is installed
   package:
     name: ntp
@@ -2073,10 +2073,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id124" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id124"><pre><code>
-[customizations.services]
-enabled = ["ntp"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id125" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id125"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_ntp
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id124" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id124"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_ntp
 
 class enable_ntp {
   service {'ntp':
@@ -2084,6 +2081,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id125" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id125"><pre><code>
+[customizations.services]
+enabled = ["ntp"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id126" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id126"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service ntp
   block:
 
@@ -2135,10 +2135,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id129" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id129"><pre><code>
-[customizations.services]
-enabled = ["systemd-timesyncd"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id130" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id130"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_systemd-timesyncd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id129" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id129"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_systemd-timesyncd
 
 class enable_systemd-timesyncd {
   service {'systemd-timesyncd':
@@ -2146,6 +2143,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id130" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id130"><pre><code>
+[customizations.services]
/usr/share/doc/scap-security-guide/guides/ssg-ubuntu2004-guide-cis_level1_server.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-ubuntu2004-guide-cis_level1_server.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-ubuntu2004-guide-cis_level1_server.html	2022-07-15 00:00:00.000000000 +0000
@@ -118,17 +118,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id9" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id9"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id10" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id10"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id9" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id9"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id10" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id10"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id11" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id11"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -542,17 +542,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id27" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id27"><pre><code>
-[[packages]]
-name = "sudo"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id28" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id28"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id27" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id27"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
 
 class install_sudo {
   package { 'sudo':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id28" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id28"><pre><code>
+[[packages]]
+name = "sudo"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id29" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id29"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure sudo is installed
   package:
     name: sudo
@@ -2873,17 +2873,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id133" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id133"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id134" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id134"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id133" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id133"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id134" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id134"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id135" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id135"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
@@ -2915,10 +2915,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id138" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id138"><pre><code>
-[customizations.services]
-enabled = ["rsyslog"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id139" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id139"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id138" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id138"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
 
 class enable_rsyslog {
   service {'rsyslog':
@@ -2926,6 +2923,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id139" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id139"><pre><code>
+[customizations.services]
+enabled = ["rsyslog"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id140" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id140"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service rsyslog
   block:
 
@@ -3031,10 +3031,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id143" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id143"><pre><code>
-[customizations.services]
-enabled = ["iptables"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id144" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id144"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_iptables
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id143" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id143"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_iptables
 
 class enable_iptables {
   service {'iptables':
@@ -3042,6 +3039,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id144" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id144"><pre><code>
+[customizations.services]
+enabled = ["iptables"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id145" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id145"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service iptables
   block:
 
@@ -3135,17 +3135,17 @@
 masquerading, etc.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_iptables_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
             <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://www.cisecurity.org/benchmark/ubuntu_linux/">3.5.3.1.1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id151" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id151"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 DEBIAN_FRONTEND=noninteractive apt-get install -y "iptables"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id152" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id152"><pre><code>
-[[packages]]
-name = "iptables"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id153" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id153"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_iptables
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id152" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id152"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_iptables
 
 class install_iptables {
   package { 'iptables':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id153" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id153"><pre><code>
+[[packages]]
+name = "iptables"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id154" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id154"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure iptables is installed
   package:
     name: iptables
@@ -7247,10 +7247,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id305" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id305"><pre><code>
-[customizations.services]
-disabled = ["autofs"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id306" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id306"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_autofs
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id305" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id305"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_autofs
 
 class disable_autofs {
   service {'autofs':
@@ -7258,6 +7255,9 @@
     ensure =&gt; 'stopped',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id306" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id306"><pre><code>
+[customizations.services]
+disabled = ["autofs"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id307" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id307"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service autofs
   block:
 
@@ -8471,7 +8471,21 @@
 port, it is subject to network attacks. Its functionality
 is convenient but is only appropriate if the local network
 can be trusted.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_avahi-daemon_disabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a>, <a href="https://www.cisecurity.org/benchmark/ubuntu_linux/">2.2.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id347" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id347"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a>, <a href="https://www.cisecurity.org/benchmark/ubuntu_linux/">2.2.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id347" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id347"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    systemd:
+      units:
+      - name: avahi-daemon.service
+        enabled: false
+        mask: true
+      - name: avahi-daemon.socket
+        enabled: false
+        mask: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id348" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id348"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEMCTL_EXEC='/usr/bin/systemctl'
@@ -8491,9 +8505,6 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id348" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id348"><pre><code>
-[customizations.services]
-disabled = ["avahi-daemon"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id349" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id349"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_avahi-daemon
 
 class disable_avahi-daemon {
@@ -8502,7 +8513,10 @@
     ensure =&gt; 'stopped',
   }
 }
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id350" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id350"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service avahi-daemon
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id350" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id350"><pre><code>
+[customizations.services]
/usr/share/doc/scap-security-guide/guides/ssg-ubuntu2004-guide-cis_level1_workstation.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-ubuntu2004-guide-cis_level1_workstation.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-ubuntu2004-guide-cis_level1_workstation.html	2022-07-15 00:00:00.000000000 +0000
@@ -118,17 +118,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id9" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id9"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id10" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id10"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id9" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id9"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id10" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id10"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id11" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id11"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -569,17 +569,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><pre><code>
-[[packages]]
-name = "sudo"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id27" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id27"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id26" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id26"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
 
 class install_sudo {
   package { 'sudo':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id27" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id27"><pre><code>
+[[packages]]
+name = "sudo"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id28" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id28"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure sudo is installed
   package:
     name: sudo
@@ -3069,17 +3069,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id136" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id136"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id137" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id137"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id136" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id136"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id137" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id137"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id138" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id138"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
@@ -3111,10 +3111,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id141" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id141"><pre><code>
-[customizations.services]
-enabled = ["rsyslog"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id142" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id142"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id141" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id141"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
 
 class enable_rsyslog {
   service {'rsyslog':
@@ -3122,6 +3119,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id142" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id142"><pre><code>
+[customizations.services]
+enabled = ["rsyslog"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id143" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id143"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service rsyslog
   block:
 
@@ -3227,10 +3227,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id146" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id146"><pre><code>
-[customizations.services]
-enabled = ["iptables"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id147" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id147"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_iptables
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id146" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id146"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_iptables
 
 class enable_iptables {
   service {'iptables':
@@ -3238,6 +3235,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id147" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id147"><pre><code>
+[customizations.services]
+enabled = ["iptables"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id148" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id148"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service iptables
   block:
 
@@ -3331,17 +3331,17 @@
 masquerading, etc.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_iptables_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
             <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://www.cisecurity.org/benchmark/ubuntu_linux/">3.5.3.1.1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id154" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id154"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 DEBIAN_FRONTEND=noninteractive apt-get install -y "iptables"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id155" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id155"><pre><code>
-[[packages]]
-name = "iptables"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id156" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id156"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_iptables
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id155" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id155"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_iptables
 
 class install_iptables {
   package { 'iptables':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id156" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id156"><pre><code>
+[[packages]]
+name = "iptables"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id157" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id157"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure iptables is installed
   package:
     name: iptables
@@ -8451,7 +8451,21 @@
 port, it is subject to network attacks. Its functionality
 is convenient but is only appropriate if the local network
 can be trusted.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_avahi-daemon_disabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
-            <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a>, <a href="https://www.cisecurity.org/benchmark/ubuntu_linux/">2.2.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id339" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id339"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
+            <a href="https://www.cisecurity.org/controls/">11</a>, <a href="https://www.cisecurity.org/controls/">14</a>, <a href="https://www.cisecurity.org/controls/">3</a>, <a href="https://www.cisecurity.org/controls/">9</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.01</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.02</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.03</a>, <a href="https://www.isaca.org/resources/cobit">BAI10.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.02</a>, <a href="https://www.isaca.org/resources/cobit">DSS05.05</a>, <a href="https://www.isaca.org/resources/cobit">DSS06.06</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.5.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.5</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.6</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.7</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.8</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.6.9</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.1</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.3</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.3.7.4</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.2</a>, <a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">4.3.4.3.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.10</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.11</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.12</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.13</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.8</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 1.9</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.1</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.2</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.3</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.4</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.5</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.6</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 2.7</a>, <a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">SR 7.6</a>, <a href="https://www.iso.org/standard/54534.html">A.12.1.2</a>, <a href="https://www.iso.org/standard/54534.html">A.12.5.1</a>, <a href="https://www.iso.org/standard/54534.html">A.12.6.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.2</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.3</a>, <a href="https://www.iso.org/standard/54534.html">A.14.2.4</a>, <a href="https://www.iso.org/standard/54534.html">A.9.1.2</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(a)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-7(b)</a>, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.IP-1</a>, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">PR.PT-3</a>, <a href="https://www.cisecurity.org/benchmark/ubuntu_linux/">2.2.3</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id339" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id339"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    systemd:
+      units:
+      - name: avahi-daemon.service
+        enabled: false
+        mask: true
+      - name: avahi-daemon.socket
+        enabled: false
+        mask: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id340" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id340"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code># Remediation is applicable only in certain platforms
 if [ ! -f /.dockerenv ] &amp;&amp; [ ! -f /run/.containerenv ]; then
 
 SYSTEMCTL_EXEC='/usr/bin/systemctl'
@@ -8471,9 +8485,6 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id340" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id340"><pre><code>
-[customizations.services]
-disabled = ["avahi-daemon"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id341" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id341"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_avahi-daemon
 
 class disable_avahi-daemon {
@@ -8482,7 +8493,10 @@
     ensure =&gt; 'stopped',
   }
 }
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id342" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id342"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service avahi-daemon
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id342" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id342"><pre><code>
+[customizations.services]
+disabled = ["avahi-daemon"]
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id343" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id343"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service avahi-daemon
   block:
 
     - name: Disable service avahi-daemon
@@ -8543,20 +8557,6 @@
     - medium_severity
     - no_reboot_needed
     - service_avahi-daemon_disabled
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id343" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id343"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    systemd:
-      units:
-      - name: avahi-daemon.service
-        enabled: false
-        mask: true
-      - name: avahi-daemon.socket
-        enabled: false
/usr/share/doc/scap-security-guide/guides/ssg-ubuntu2004-guide-cis_level2_server.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-ubuntu2004-guide-cis_level2_server.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-ubuntu2004-guide-cis_level2_server.html	2022-07-15 00:00:00.000000000 +0000
@@ -118,17 +118,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id9" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id9"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id10" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id10"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id9" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id9"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id10" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id10"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id11" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id11"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -587,17 +587,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id32" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id32"><pre><code>
-[[packages]]
-name = "sudo"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id33" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id33"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id32" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id32"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
 
 class install_sudo {
   package { 'sudo':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id33" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id33"><pre><code>
+[[packages]]
+name = "sudo"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id34" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id34"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure sudo is installed
   package:
     name: sudo
@@ -36139,17 +36139,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id309" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id309"><pre><code>
-[[packages]]
-name = "auditd"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id310" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id310"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_auditd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id309" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id309"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_auditd
 
 class install_auditd {
   package { 'auditd':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id310" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id310"><pre><code>
+[[packages]]
+name = "auditd"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id311" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id311"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure auditd is installed
   package:
     name: auditd
@@ -36196,10 +36196,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id314" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id314"><pre><code>
-[customizations.services]
-enabled = ["auditd"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id315" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id315"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id314" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id314"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
 
 class enable_auditd {
   service {'auditd':
@@ -36207,6 +36204,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id315" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id315"><pre><code>
+[customizations.services]
+enabled = ["auditd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id316" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id316"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
@@ -36564,17 +36564,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id333" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id333"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id334" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id334"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id333" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id333"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id334" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id334"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id335" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id335"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
@@ -36606,10 +36606,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id338" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id338"><pre><code>
-[customizations.services]
-enabled = ["rsyslog"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id339" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id339"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id338" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id338"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
 
 class enable_rsyslog {
   service {'rsyslog':
@@ -36617,6 +36614,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id339" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id339"><pre><code>
+[customizations.services]
+enabled = ["rsyslog"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id340" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id340"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service rsyslog
   block:
 
@@ -36722,10 +36722,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id343" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id343"><pre><code>
-[customizations.services]
-enabled = ["iptables"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id344" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id344"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_iptables
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id343" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id343"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_iptables
 
 class enable_iptables {
   service {'iptables':
@@ -36733,6 +36730,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id344" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id344"><pre><code>
+[customizations.services]
+enabled = ["iptables"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id345" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id345"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service iptables
   block:
 
@@ -36826,17 +36826,17 @@
 masquerading, etc.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_iptables_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
             <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://www.cisecurity.org/benchmark/ubuntu_linux/">3.5.3.1.1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id351" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id351"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 DEBIAN_FRONTEND=noninteractive apt-get install -y "iptables"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id352" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id352"><pre><code>
-[[packages]]
-name = "iptables"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id353" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id353"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_iptables
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id352" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id352"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_iptables
 
 class install_iptables {
   package { 'iptables':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id353" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id353"><pre><code>
+[[packages]]
+name = "iptables"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id354" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id354"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure iptables is installed
   package:
     name: iptables
@@ -41120,10 +41120,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id517" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id517"><pre><code>
-[customizations.services]
-disabled = ["autofs"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id518" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id518"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_autofs
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id517" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id517"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_autofs
 
 class disable_autofs {
   service {'autofs':
@@ -41131,6 +41128,9 @@
     ensure =&gt; 'stopped',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id518" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id518"><pre><code>
/usr/share/doc/scap-security-guide/guides/ssg-ubuntu2004-guide-cis_level2_workstation.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-ubuntu2004-guide-cis_level2_workstation.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-ubuntu2004-guide-cis_level2_workstation.html	2022-07-15 00:00:00.000000000 +0000
@@ -118,17 +118,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id9" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id9"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id10" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id10"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id9" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id9"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id10" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id10"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id11" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id11"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -614,17 +614,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id31" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id31"><pre><code>
-[[packages]]
-name = "sudo"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id32" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id32"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id31" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id31"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_sudo
 
 class install_sudo {
   package { 'sudo':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id32" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id32"><pre><code>
+[[packages]]
+name = "sudo"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id33" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id33"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure sudo is installed
   package:
     name: sudo
@@ -36335,17 +36335,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id312" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id312"><pre><code>
-[[packages]]
-name = "auditd"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id313" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id313"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_auditd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id312" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id312"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_auditd
 
 class install_auditd {
   package { 'auditd':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id313" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id313"><pre><code>
+[[packages]]
+name = "auditd"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id314" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id314"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure auditd is installed
   package:
     name: auditd
@@ -36392,10 +36392,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id317" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id317"><pre><code>
-[customizations.services]
-enabled = ["auditd"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id318" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id318"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id317" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id317"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
 
 class enable_auditd {
   service {'auditd':
@@ -36403,6 +36400,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id318" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id318"><pre><code>
+[customizations.services]
+enabled = ["auditd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id319" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id319"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
@@ -36760,17 +36760,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id336" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id336"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id337" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id337"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id336" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id336"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id337" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id337"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id338" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id338"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
@@ -36802,10 +36802,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id341" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id341"><pre><code>
-[customizations.services]
-enabled = ["rsyslog"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id342" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id342"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id341" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id341"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
 
 class enable_rsyslog {
   service {'rsyslog':
@@ -36813,6 +36810,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id342" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id342"><pre><code>
+[customizations.services]
+enabled = ["rsyslog"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id343" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id343"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service rsyslog
   block:
 
@@ -36918,10 +36918,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id346" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id346"><pre><code>
-[customizations.services]
-enabled = ["iptables"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id347" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id347"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_iptables
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id346" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id346"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_iptables
 
 class enable_iptables {
   service {'iptables':
@@ -36929,6 +36926,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id347" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id347"><pre><code>
+[customizations.services]
+enabled = ["iptables"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id348" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id348"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service iptables
   block:
 
@@ -37022,17 +37022,17 @@
 masquerading, etc.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_iptables_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
             <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">CM-6(a)</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00227</a>, <a href="https://www.cisecurity.org/benchmark/ubuntu_linux/">3.5.3.1.1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id354" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id354"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 DEBIAN_FRONTEND=noninteractive apt-get install -y "iptables"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id355" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id355"><pre><code>
-[[packages]]
-name = "iptables"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id356" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id356"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_iptables
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id355" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id355"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_iptables
 
 class install_iptables {
   package { 'iptables':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id356" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id356"><pre><code>
+[[packages]]
+name = "iptables"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id357" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id357"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure iptables is installed
   package:
     name: iptables
@@ -41316,10 +41316,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id520" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id520"><pre><code>
-[customizations.services]
-disabled = ["autofs"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id521" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id521"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_autofs
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id520" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id520"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_autofs
 
 class disable_autofs {
   service {'autofs':
@@ -41327,6 +41324,9 @@
     ensure =&gt; 'stopped',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id521" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id521"><pre><code>
/usr/share/doc/scap-security-guide/guides/ssg-ubuntu2004-guide-standard.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-ubuntu2004-guide-standard.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-ubuntu2004-guide-standard.html	2022-07-15 00:00:00.000000000 +0000
@@ -265,17 +265,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id15" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id15"><pre><code>
-[[packages]]
-name = "auditd"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id16" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id16"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_auditd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id15" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id15"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_auditd
 
 class install_auditd {
   package { 'auditd':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id16" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id16"><pre><code>
+[[packages]]
+name = "auditd"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id17" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id17"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure auditd is installed
   package:
     name: auditd
@@ -322,10 +322,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><pre><code>
-[customizations.services]
-enabled = ["auditd"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id21" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id21"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id20" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id20"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
 
 class enable_auditd {
   service {'auditd':
@@ -333,6 +330,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id21" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id21"><pre><code>
+[customizations.services]
+enabled = ["auditd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id22" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id22"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
@@ -604,17 +604,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id31" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id31"><pre><code>
-[[packages]]
-name = "rsyslog"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id32" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id32"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id31" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id31"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_rsyslog
 
 class install_rsyslog {
   package { 'rsyslog':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id32" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id32"><pre><code>
+[[packages]]
+name = "rsyslog"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id33" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id33"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure rsyslog is installed
   package:
     name: rsyslog
@@ -646,10 +646,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id36" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id36"><pre><code>
-[customizations.services]
-enabled = ["rsyslog"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id37" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id37"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id36" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id36"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_rsyslog
 
 class enable_rsyslog {
   service {'rsyslog':
@@ -657,6 +654,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id37" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id37"><pre><code>
+[customizations.services]
+enabled = ["rsyslog"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id38" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id38"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Enable service rsyslog
   block:
 
@@ -1739,7 +1739,21 @@
 <pre>$ sudo systemctl mask --now apport.service</pre></div></td></tr><tr><td><span class="label label-primary">Rationale:</span></td><td><div class="rationale">The Apport service modifies the kernel
 <code>fs.suid_dumpable</code> configuration at runtime which
 prevents other hardening from being persistent. Disabling the
-service prevents this behavior.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">unknown</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_apport_disabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id89" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id89"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>
+service prevents this behavior.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">unknown</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_service_apport_disabled</td></tr><tr><td>Identifiers and References</td><td class="identifiers"></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id89" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id89"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+spec:
+  config:
+    ignition:
+      version: 3.1.0
+    systemd:
+      units:
+      - name: apport.service
+        enabled: false
+        mask: true
+      - name: apport.socket
+        enabled: false
+        mask: true
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id90" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id90"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>
 
 SYSTEMCTL_EXEC='/usr/bin/systemctl'
 "$SYSTEMCTL_EXEC" stop 'apport.service'
@@ -1754,9 +1768,6 @@
 # so let's reset the state so OVAL checks pass.
 # Service should be 'inactive', not 'failed' after reboot though.
 "$SYSTEMCTL_EXEC" reset-failed 'apport.service' || true
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id90" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id90"><pre><code>
-[customizations.services]
-disabled = ["apport"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id91" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id91"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include disable_apport
 
 class disable_apport {
@@ -1765,7 +1776,10 @@
     ensure =&gt; 'stopped',
   }
 }
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id92" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id92"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service apport
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id92" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id92"><pre><code>
+[customizations.services]
+disabled = ["apport"]
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id93" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id93"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>- name: Disable service apport
   block:
 
     - name: Disable service apport
@@ -1813,20 +1827,6 @@
     - no_reboot_needed
     - service_apport_disabled
     - unknown_severity
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id93" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Kubernetes snippet ⇲</a><br><div class="panel-collapse collapse" id="id93"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>medium</td></tr><tr><th>Reboot:</th><td>true</td></tr><tr><th>Strategy:</th><td>disable</td></tr></table><pre><code>apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-spec:
-  config:
-    ignition:
-      version: 3.1.0
-    systemd:
-      units:
-      - name: apport.service
-        enabled: false
-        mask: true
-      - name: apport.socket
-        enabled: false
-        mask: true
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="children-xccdf_org.ssgproject.content_group_cron_and_at" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_services"><td style="padding-left: 38px" id="xccdf_org.ssgproject.content_group_cron_and_at"><span class="label label-default">Group</span>  
                 Cron and At Daemons
                           <small>Group contains 2 rules</small></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_cron_and_at" class="guide-tree-inner-node guide-tree-inner-node-id-xccdf_org.ssgproject.content_group_cron_and_at" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_services"><td style="padding-left: 38px"><div><a class="small" href="#xccdf_org.ssgproject.content_group_cron_and_at">[ref]</a>  
@@ -1845,17 +1845,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id96" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id96"><pre><code>
-[[packages]]
-name = "cron"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id97" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id97"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_cron
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id96" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id96"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_cron
 
 class install_cron {
   package { 'cron':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id97" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id97"><pre><code>
+[[packages]]
+name = "cron"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id98" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id98"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure cron is installed
   package:
     name: cron
@@ -1889,10 +1889,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id101" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id101"><pre><code>
-[customizations.services]
-enabled = ["cron"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id102" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id102"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_cron
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id101" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id101"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_cron
 
 class enable_cron {
   service {'cron':
@@ -1900,6 +1897,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id102" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id102"><pre><code>
+[customizations.services]
+enabled = ["cron"]
/usr/share/doc/scap-security-guide/guides/ssg-ubuntu2004-guide-stig.html differs (HTML document, UTF-8 Unicode text, with very long lines)
--- old//usr/share/doc/scap-security-guide/guides/ssg-ubuntu2004-guide-stig.html	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/doc/scap-security-guide/guides/ssg-ubuntu2004-guide-stig.html	2022-07-15 00:00:00.000000000 +0000
@@ -120,17 +120,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id9" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id9"><pre><code>
-[[packages]]
-name = "aide"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id10" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id10"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id9" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id9"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_aide
 
 class install_aide {
   package { 'aide':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id10" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id10"><pre><code>
+[[packages]]
+name = "aide"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id11" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id11"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure aide is installed
   package:
     name: aide
@@ -2200,17 +2200,17 @@
 configuration and has the ability to limit brute-force attacks on the system.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_pam_pwquality_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
             <a href="https://public.cyber.mil/stigs/cci/">CCI-000366</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000480-GPOS-00225</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">UBTU-20-010057</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id69" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id69"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 DEBIAN_FRONTEND=noninteractive apt-get install -y "libpam-pwquality"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id70" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id70"><pre><code>
-[[packages]]
-name = "libpam-pwquality"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id71" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id71"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_libpam-pwquality
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id70" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id70"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_libpam-pwquality
 
 class install_libpam-pwquality {
   package { 'libpam-pwquality':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id71" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id71"><pre><code>
+[[packages]]
+name = "libpam-pwquality"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id72" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id72"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure libpam-pwquality is installed
   package:
     name: libpam-pwquality
@@ -2338,17 +2338,17 @@
 unlock the system.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_vlock_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
             <a href="https://public.cyber.mil/stigs/cci/">CCI-000056</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000058</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-000060</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000028-GPOS-00009</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">UBTU-20-010005</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id76" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id76"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 DEBIAN_FRONTEND=noninteractive apt-get install -y "vlock"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id77" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id77"><pre><code>
-[[packages]]
-name = "vlock"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id78" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id78"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_vlock
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id77" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id77"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_vlock
 
 class install_vlock {
   package { 'vlock':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id78" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id78"><pre><code>
+[[packages]]
+name = "vlock"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id79" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id79"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure vlock is installed
   package:
     name: vlock
@@ -2392,17 +2392,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id82" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id82"><pre><code>
-[[packages]]
-name = "opensc-pkcs11"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id83" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id83"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_opensc-pkcs11
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id82" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id82"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_opensc-pkcs11
 
 class install_opensc-pkcs11 {
   package { 'opensc-pkcs11':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id83" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id83"><pre><code>
+[[packages]]
+name = "opensc-pkcs11"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id84" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id84"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure opensc-pkcs11 is installed
   package:
     name: opensc-pkcs11
@@ -2442,17 +2442,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id87" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id87"><pre><code>
-[[packages]]
-name = "libpam-pkcs11"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id88" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id88"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_libpam-pkcs11
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id87" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id87"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_libpam-pkcs11
 
 class install_libpam-pkcs11 {
   package { 'libpam-pkcs11':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id88" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id88"><pre><code>
+[[packages]]
+name = "libpam-pkcs11"
+version = "*"
 </code></pre></div></div></td></tr></tbody></table></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_smartcard_configure_ca" class="guide-tree-leaf guide-tree-leaf-id-xccdf_org.ssgproject.content_rule_smartcard_configure_ca" id="guide-tree-leaf-id89" data-tt-parent-id="children-xccdf_org.ssgproject.content_group_smart_card_login"><td style="padding-left: 114px"><table class="table table-striped table-bordered"><tbody><tr><td colspan="2"><h4 id="xccdf_org.ssgproject.content_rule_smartcard_configure_ca"><span class="label label-default">Rule</span>  
                                 Configure Smart Card Certificate Authority Validation
                                   <a class="small" href="#xccdf_org.ssgproject.content_rule_smartcard_configure_ca">[ref]</a></h4></td></tr><tr><td colspan="2"><div class="description">Configure the operating system to do certificate status checking for PKI
@@ -39277,17 +39277,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id329" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id329"><pre><code>
-[[packages]]
-name = "audispd-plugins"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id330" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id330"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_audispd-plugins
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id329" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id329"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_audispd-plugins
 
 class install_audispd-plugins {
   package { 'audispd-plugins':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id330" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id330"><pre><code>
+[[packages]]
+name = "audispd-plugins"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id331" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id331"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure audispd-plugins is installed
   package:
     name: audispd-plugins
@@ -39312,17 +39312,17 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id334" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id334"><pre><code>
-[[packages]]
-name = "auditd"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id335" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id335"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_auditd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id334" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id334"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_auditd
 
 class install_auditd {
   package { 'auditd':
     ensure =&gt; 'installed',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id335" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id335"><pre><code>
+[[packages]]
+name = "auditd"
+version = "*"
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id336" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id336"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Ensure auditd is installed
   package:
     name: auditd
@@ -39369,10 +39369,7 @@
 else
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id339" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id339"><pre><code>
-[customizations.services]
-enabled = ["auditd"]
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id340" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id340"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id339" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id339"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include enable_auditd
 
 class enable_auditd {
   service {'auditd':
@@ -39380,6 +39377,9 @@
     ensure =&gt; 'running',
   }
 }
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id340" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id340"><pre><code>
+[customizations.services]
+enabled = ["auditd"]
 </code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id341" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Ansible snippet ⇲</a><br><div class="panel-collapse collapse" id="id341"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>- name: Gather the package facts
   package_facts:
     manager: auto
@@ -39497,17 +39497,17 @@
 Discretionary Access Control system will be available.</div></td></tr><tr><td><span class="label label-warning">Severity:</span> </td><td><div class="severity">medium</div></td></tr><tr><td><span class="label label-primary">Rule ID:</span></td><td>xccdf_org.ssgproject.content_rule_package_apparmor_installed</td></tr><tr><td>Identifiers and References</td><td class="identifiers"><p><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span> 
             <a href="https://public.cyber.mil/stigs/cci/">CCI-001764</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-001774</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002165</a>, <a href="https://public.cyber.mil/stigs/cci/">CCI-002235</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000368-GPOS-00154</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000312-GPOS-00122</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000312-GPOS-00123</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000312-GPOS-00124</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000324-GPOS-00125</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000370-GPOS-00155</a>, <a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">UBTU-20-010439</a>, <a href="https://www.cisecurity.org/benchmark/ubuntu_linux/">1.7.1.1</a></p></td></tr><tr><td colspan="2"><div class="remediation-description"><a class="btn btn-success" data-toggle="collapse" data-target="#id346" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Shell script ⇲</a><br><div class="panel-collapse collapse" id="id346"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>
 DEBIAN_FRONTEND=noninteractive apt-get install -y "apparmor"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id347" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation OSBuild Blueprint snippet ⇲</a><br><div class="panel-collapse collapse" id="id347"><pre><code>
-[[packages]]
-name = "apparmor"
-version = "*"
-</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id348" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id348"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_apparmor
+</code></pre></div><a class="btn btn-success" data-toggle="collapse" data-target="#id347" tabindex="0" role="button" aria-expanded="false" title="Activate to reveal" href="#!">Remediation Puppet snippet ⇲</a><br><div class="panel-collapse collapse" id="id347"><table class="table table-striped table-bordered table-condensed"><tr><th>Complexity:</th><td>low</td></tr><tr><th>Disruption:</th><td>low</td></tr><tr><th>Strategy:</th><td>enable</td></tr></table><pre><code>include install_apparmor
 
 class install_apparmor {
   package { 'apparmor':
     ensure =&gt; 'installed',
   }
/usr/share/xml/scap/ssg/content/ssg-ubuntu1604-ds-1.2.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-ubuntu1604-ds-1.2.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-ubuntu1604-ds-1.2.xml	2022-07-15 00:00:00.000000000 +0000
@@ -139,19 +139,9 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.2:rear-matter>
       <cpe-lang:platform-specification>
-        <cpe-lang:platform id="audit">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:audit"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="pam">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:pam"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="sssd">
+        <cpe-lang:platform id="uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="grub2">
@@ -164,14 +154,19 @@
             <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="non-uefi">
+        <cpe-lang:platform id="chrony">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="chrony">
+        <cpe-lang:platform id="login_defs">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="sssd">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="postfix">
@@ -179,34 +174,39 @@
             <cpe-lang:fact-ref name="cpe:/a:postfix"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="uefi">
+        <cpe-lang:platform id="ntp">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sudo">
+        <cpe-lang:platform id="pam">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+            <cpe-lang:fact-ref name="cpe:/a:pam"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="machine">
+        <cpe-lang:platform id="audit">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:machine"/>
+            <cpe-lang:fact-ref name="cpe:/a:audit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="s390x_arch">
+        <cpe-lang:platform id="gdm">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="login_defs">
+        <cpe-lang:platform id="machine">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+            <cpe-lang:fact-ref name="cpe:/a:machine"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="ntp">
+        <cpe-lang:platform id="sudo">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="s390x_arch">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="not_s390x_arch">
@@ -214,9 +214,9 @@
             <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="gdm">
+        <cpe-lang:platform id="non-uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
+            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
       </cpe-lang:platform-specification>
@@ -3594,11 +3594,6 @@
               <xccdf-1.2:fix system="urn:xccdf:fix:script:sh" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
 DEBIAN_FRONTEND=noninteractive apt-get install -y "gnutls-utils"
 </xccdf-1.2:fix>
-              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_gnutls-utils_installed">
-[[packages]]
-name = "gnutls-utils"
-version = "*"
-</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_gnutls-utils
 
 class install_gnutls-utils {
@@ -3607,6 +3602,11 @@
   }
 }
 </xccdf-1.2:fix>
+              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_gnutls-utils_installed">
+[[packages]]
+name = "gnutls-utils"
+version = "*"
+</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:ansible" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure gnutls-utils is installed
   package:
     name: gnutls-utils
@@ -3641,11 +3641,6 @@
               <xccdf-1.2:fix system="urn:xccdf:fix:script:sh" id="package_nss-tools_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
 DEBIAN_FRONTEND=noninteractive apt-get install -y "nss-tools"
 </xccdf-1.2:fix>
-              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_nss-tools_installed">
-[[packages]]
-name = "nss-tools"
-version = "*"
-</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_nss-tools_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_nss-tools
 
 class install_nss-tools {
@@ -3654,6 +3649,11 @@
   }
 }
 </xccdf-1.2:fix>
+              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_nss-tools_installed">
+[[packages]]
+name = "nss-tools"
+version = "*"
+</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:ansible" id="package_nss-tools_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure nss-tools is installed
   package:
     name: nss-tools
@@ -6639,11 +6639,6 @@
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
 </xccdf-1.2:fix>
-            <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_audit-audispd-plugins_installed">
-[[packages]]
-name = "audispd-plugins"
-version = "*"
-</xccdf-1.2:fix>
             <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_audit-audispd-plugins_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_audispd-plugins
 
 class install_audispd-plugins {
@@ -6652,6 +6647,11 @@
   }
 }
 </xccdf-1.2:fix>
+            <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_audit-audispd-plugins_installed">
+[[packages]]
+name = "audispd-plugins"
+version = "*"
+</xccdf-1.2:fix>
             <xccdf-1.2:fix system="urn:xccdf:fix:script:ansible" id="package_audit-audispd-plugins_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure audispd-plugins is installed
   package:
     name: audispd-plugins
@@ -6733,11 +6733,6 @@
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
 </xccdf-1.2:fix>
-            <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_audit_installed">
-[[packages]]
-name = "auditd"
-version = "*"
-</xccdf-1.2:fix>
             <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_audit_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_auditd
 
 class install_auditd {
@@ -6746,6 +6741,11 @@
   }
 }
 </xccdf-1.2:fix>
/usr/share/xml/scap/ssg/content/ssg-ubuntu1604-ds.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-ubuntu1604-ds.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-ubuntu1604-ds.xml	2022-07-15 00:00:00.000000000 +0000
@@ -141,19 +141,9 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.2:rear-matter>
       <cpe-lang:platform-specification>
-        <cpe-lang:platform id="audit">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:audit"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="pam">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:pam"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="sssd">
+        <cpe-lang:platform id="uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="grub2">
@@ -166,14 +156,19 @@
             <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="non-uefi">
+        <cpe-lang:platform id="chrony">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="chrony">
+        <cpe-lang:platform id="login_defs">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="sssd">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="postfix">
@@ -181,34 +176,39 @@
             <cpe-lang:fact-ref name="cpe:/a:postfix"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="uefi">
+        <cpe-lang:platform id="ntp">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sudo">
+        <cpe-lang:platform id="pam">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+            <cpe-lang:fact-ref name="cpe:/a:pam"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="machine">
+        <cpe-lang:platform id="audit">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:machine"/>
+            <cpe-lang:fact-ref name="cpe:/a:audit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="s390x_arch">
+        <cpe-lang:platform id="gdm">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="login_defs">
+        <cpe-lang:platform id="machine">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+            <cpe-lang:fact-ref name="cpe:/a:machine"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="ntp">
+        <cpe-lang:platform id="sudo">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="s390x_arch">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="not_s390x_arch">
@@ -216,9 +216,9 @@
             <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="gdm">
+        <cpe-lang:platform id="non-uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
+            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
       </cpe-lang:platform-specification>
@@ -3596,11 +3596,6 @@
               <xccdf-1.2:fix system="urn:xccdf:fix:script:sh" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
 DEBIAN_FRONTEND=noninteractive apt-get install -y "gnutls-utils"
 </xccdf-1.2:fix>
-              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_gnutls-utils_installed">
-[[packages]]
-name = "gnutls-utils"
-version = "*"
-</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_gnutls-utils
 
 class install_gnutls-utils {
@@ -3609,6 +3604,11 @@
   }
 }
 </xccdf-1.2:fix>
+              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_gnutls-utils_installed">
+[[packages]]
+name = "gnutls-utils"
+version = "*"
+</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:ansible" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure gnutls-utils is installed
   package:
     name: gnutls-utils
@@ -3643,11 +3643,6 @@
               <xccdf-1.2:fix system="urn:xccdf:fix:script:sh" id="package_nss-tools_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
 DEBIAN_FRONTEND=noninteractive apt-get install -y "nss-tools"
 </xccdf-1.2:fix>
-              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_nss-tools_installed">
-[[packages]]
-name = "nss-tools"
-version = "*"
-</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_nss-tools_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_nss-tools
 
 class install_nss-tools {
@@ -3656,6 +3651,11 @@
   }
 }
 </xccdf-1.2:fix>
+              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_nss-tools_installed">
+[[packages]]
+name = "nss-tools"
+version = "*"
+</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:ansible" id="package_nss-tools_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure nss-tools is installed
   package:
     name: nss-tools
@@ -6641,11 +6641,6 @@
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
 </xccdf-1.2:fix>
-            <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_audit-audispd-plugins_installed">
-[[packages]]
-name = "audispd-plugins"
-version = "*"
-</xccdf-1.2:fix>
             <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_audit-audispd-plugins_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_audispd-plugins
 
 class install_audispd-plugins {
@@ -6654,6 +6649,11 @@
   }
 }
 </xccdf-1.2:fix>
+            <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_audit-audispd-plugins_installed">
+[[packages]]
+name = "audispd-plugins"
+version = "*"
+</xccdf-1.2:fix>
             <xccdf-1.2:fix system="urn:xccdf:fix:script:ansible" id="package_audit-audispd-plugins_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure audispd-plugins is installed
   package:
     name: audispd-plugins
@@ -6735,11 +6735,6 @@
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
 </xccdf-1.2:fix>
-            <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_audit_installed">
-[[packages]]
-name = "auditd"
-version = "*"
-</xccdf-1.2:fix>
             <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_audit_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_auditd
 
 class install_auditd {
@@ -6748,6 +6743,11 @@
   }
 }
 </xccdf-1.2:fix>
/usr/share/xml/scap/ssg/content/ssg-ubuntu1604-ocil.xml differs (XML 1.0 document, ASCII text)
--- old//usr/share/xml/scap/ssg/content/ssg-ubuntu1604-ocil.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-ubuntu1604-ocil.xml	2022-07-15 00:00:00.000000000 +0000
@@ -7,256 +7,250 @@
     <ocil:timestamp>2022-07-15T00:00:00</ocil:timestamp>
   </ocil:generator>
   <ocil:questionnaires>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_file_deletion_events_rename_ocil:questionnaire:1">
-      <ocil:title>Ensure auditd Collects File Deletion Events by User - rename</ocil:title>
-      <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-audit_rules_file_deletion_events_rename_action:testaction:1</ocil:test_action_ref>
-      </ocil:actions>
-    </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sysctl_net_ipv4_conf_all_accept_local_ocil:questionnaire:1">
-      <ocil:title>Disable Accepting Packets Routed Between Local Interfaces</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sudo_remove_nopasswd_ocil:questionnaire:1">
+      <ocil:title>Ensure Users Re-Authenticate for Privilege Escalation - sudo NOPASSWD</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_accept_local_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sudo_remove_nopasswd_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-auditd_data_disk_error_action_ocil:questionnaire:1">
-      <ocil:title>Configure auditd Disk Error Action on Disk Error</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sshd_disable_pubkey_auth_ocil:questionnaire:1">
+      <ocil:title>Disable PubkeyAuthentication Authentication</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-auditd_data_disk_error_action_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sshd_disable_pubkey_auth_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-directory_access_var_log_audit_ocil:questionnaire:1">
-      <ocil:title>Record Access Events to Audit Log Directory</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-accounts_password_all_shadowed_ocil:questionnaire:1">
+      <ocil:title>Verify All Account Password Hashes are Shadowed</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-directory_access_var_log_audit_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-accounts_password_all_shadowed_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-auditd_data_retention_action_mail_acct_ocil:questionnaire:1">
-      <ocil:title>Configure auditd mail_acct Action on Low Disk Space</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-kernel_config_unmap_kernel_at_el0_ocil:questionnaire:1">
+      <ocil:title>Unmap kernel when running in userspace (aka KAISER)</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-auditd_data_retention_action_mail_acct_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-kernel_config_unmap_kernel_at_el0_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-rsyslog_encrypt_offload_actionsendstreamdriverauthmode_ocil:questionnaire:1">
-      <ocil:title>Ensure Rsyslog Authenticates Off-Loaded Audit Records</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-kernel_config_module_sig_force_ocil:questionnaire:1">
+      <ocil:title>Require modules to be validly signed</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-rsyslog_encrypt_offload_actionsendstreamdriverauthmode_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-kernel_config_module_sig_force_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-file_owner_etc_group_ocil:questionnaire:1">
-      <ocil:title>Verify User Who Owns group File</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-file_permissions_sshd_private_key_ocil:questionnaire:1">
+      <ocil:title>Verify Permissions on SSH Server Private *_key Key Files</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-file_owner_etc_group_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-file_permissions_sshd_private_key_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-no_password_auth_for_systemaccounts_ocil:questionnaire:1">
-      <ocil:title>Ensure that System Accounts Are Locked</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-harden_ssh_client_crypto_policy_ocil:questionnaire:1">
+      <ocil:title>Harden SSH client Crypto Policy</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-no_password_auth_for_systemaccounts_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-harden_ssh_client_crypto_policy_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-file_permissions_backup_etc_passwd_ocil:questionnaire:1">
-      <ocil:title>Verify Permissions on Backup passwd File</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-accounts_no_uid_except_zero_ocil:questionnaire:1">
+      <ocil:title>Verify Only Root Has UID 0</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-file_permissions_backup_etc_passwd_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-accounts_no_uid_except_zero_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_mac_modification_ocil:questionnaire:1">
-      <ocil:title>Record Events that Modify the System's Mandatory Access Controls</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-audit_rules_dac_modification_fchownat_ocil:questionnaire:1">
+      <ocil:title>Record Events that Modify the System's Discretionary Access Controls - fchownat</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-audit_rules_mac_modification_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_fchownat_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sshd_disable_compression_ocil:questionnaire:1">
-      <ocil:title>Disable Compression Or Set Compression to delayed</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-directory_access_var_log_audit_ocil:questionnaire:1">
+      <ocil:title>Record Access Events to Audit Log Directory</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sshd_disable_compression_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-directory_access_var_log_audit_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-file_owner_var_log_ocil:questionnaire:1">
-      <ocil:title>Verify User Who Owns /var/log Directory</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sshd_enable_strictmodes_ocil:questionnaire:1">
+      <ocil:title>Enable Use of Strict Mode Checking</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-file_owner_var_log_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sshd_enable_strictmodes_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-kernel_config_module_sig_sha512_ocil:questionnaire:1">
-      <ocil:title>Sign kernel modules with SHA-512</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-auditd_data_retention_max_log_file_action_ocil:questionnaire:1">
+      <ocil:title>Configure auditd max_log_file_action Upon Reaching Maximum Log Size</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-kernel_config_module_sig_sha512_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-auditd_data_retention_max_log_file_action_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sshd_allow_only_protocol2_ocil:questionnaire:1">
-      <ocil:title>Allow Only SSH Protocol 2</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-service_ntpd_enabled_ocil:questionnaire:1">
+      <ocil:title>Enable the NTP Daemon</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sshd_allow_only_protocol2_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-service_ntpd_enabled_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-package_syslogng_installed_ocil:questionnaire:1">
-      <ocil:title>Ensure syslog-ng is Installed</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-prefer_64bit_os_ocil:questionnaire:1">
+      <ocil:title>Prefer to use a 64-bit Operating System when supported</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-package_syslogng_installed_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-prefer_64bit_os_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-kernel_config_module_sig_hash_ocil:questionnaire:1">
-      <ocil:title>Specify the hash to use when signing modules</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-file_ownership_binary_dirs_ocil:questionnaire:1">
+      <ocil:title>Verify that System Executables Have Root Ownership</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-kernel_config_module_sig_hash_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-file_ownership_binary_dirs_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sysctl_kernel_randomize_va_space_ocil:questionnaire:1">
-      <ocil:title>Enable Randomized Layout of Virtual Address Space</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sshd_set_login_grace_time_ocil:questionnaire:1">
+      <ocil:title>Ensure SSH LoginGraceTime is configured</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sysctl_kernel_randomize_va_space_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sshd_set_login_grace_time_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-file_owner_etc_passwd_ocil:questionnaire:1">
-      <ocil:title>Verify User Who Owns passwd File</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sysctl_net_ipv4_conf_all_accept_local_ocil:questionnaire:1">
+      <ocil:title>Disable Accepting Packets Routed Between Local Interfaces</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-file_owner_etc_passwd_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_accept_local_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sshd_set_keepalive_ocil:questionnaire:1">
-      <ocil:title>Set SSH Client Alive Count Max</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-file_owner_backup_etc_passwd_ocil:questionnaire:1">
+      <ocil:title>Verify User Who Owns Backup passwd File</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sshd_set_keepalive_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-file_owner_backup_etc_passwd_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-package_rsyslog_installed_ocil:questionnaire:1">
-      <ocil:title>Ensure rsyslog is Installed</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-mount_option_dev_shm_nosuid_ocil:questionnaire:1">
+      <ocil:title>Add nosuid Option to /dev/shm</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-package_rsyslog_installed_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-mount_option_dev_shm_nosuid_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-mount_option_dev_shm_nodev_ocil:questionnaire:1">
-      <ocil:title>Add nodev Option to /dev/shm</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-ensure_logrotate_activated_ocil:questionnaire:1">
+      <ocil:title>Ensure Logrotate Runs Periodically</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-mount_option_dev_shm_nodev_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-ensure_logrotate_activated_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-file_owner_etc_gshadow_ocil:questionnaire:1">
-      <ocil:title>Verify User Who Owns gshadow File</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-partition_for_var_ocil:questionnaire:1">
+      <ocil:title>Ensure /var Located On Separate Partition</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-file_owner_etc_gshadow_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-partition_for_var_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
/usr/share/xml/scap/ssg/content/ssg-ubuntu1604-xccdf.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-ubuntu1604-xccdf.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-ubuntu1604-xccdf.xml	2022-07-15 00:00:00.000000000 +0000
@@ -43,19 +43,9 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.1:rear-matter>
   <cpe-lang:platform-specification>
-    <cpe-lang:platform id="audit">
-      <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:audit"/>
-      </cpe-lang:logical-test>
-    </cpe-lang:platform>
-    <cpe-lang:platform id="pam">
-      <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:pam"/>
-      </cpe-lang:logical-test>
-    </cpe-lang:platform>
-    <cpe-lang:platform id="sssd">
+    <cpe-lang:platform id="uefi">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+        <cpe-lang:fact-ref name="cpe:/a:uefi"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="grub2">
@@ -68,14 +58,19 @@
         <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="non-uefi">
+    <cpe-lang:platform id="chrony">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+        <cpe-lang:fact-ref name="cpe:/a:chrony"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="chrony">
+    <cpe-lang:platform id="login_defs">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+        <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+      </cpe-lang:logical-test>
+    </cpe-lang:platform>
+    <cpe-lang:platform id="sssd">
+      <cpe-lang:logical-test operator="AND" negate="false">
+        <cpe-lang:fact-ref name="cpe:/a:sssd"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="postfix">
@@ -83,34 +78,39 @@
         <cpe-lang:fact-ref name="cpe:/a:postfix"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="uefi">
+    <cpe-lang:platform id="ntp">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+        <cpe-lang:fact-ref name="cpe:/a:ntp"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="sudo">
+    <cpe-lang:platform id="pam">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+        <cpe-lang:fact-ref name="cpe:/a:pam"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="machine">
+    <cpe-lang:platform id="audit">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:machine"/>
+        <cpe-lang:fact-ref name="cpe:/a:audit"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="s390x_arch">
+    <cpe-lang:platform id="gdm">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
+        <cpe-lang:fact-ref name="cpe:/a:gdm"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="login_defs">
+    <cpe-lang:platform id="machine">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+        <cpe-lang:fact-ref name="cpe:/a:machine"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="ntp">
+    <cpe-lang:platform id="sudo">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+        <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+      </cpe-lang:logical-test>
+    </cpe-lang:platform>
+    <cpe-lang:platform id="s390x_arch">
+      <cpe-lang:logical-test operator="AND" negate="false">
+        <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="not_s390x_arch">
@@ -118,9 +118,9 @@
         <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="gdm">
+    <cpe-lang:platform id="non-uefi">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:gdm"/>
+        <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
   </cpe-lang:platform-specification>
@@ -3498,11 +3498,6 @@
           <xccdf-1.1:fix system="urn:xccdf:fix:script:sh" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
 DEBIAN_FRONTEND=noninteractive apt-get install -y "gnutls-utils"
 </xccdf-1.1:fix>
-          <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_gnutls-utils_installed">
-[[packages]]
-name = "gnutls-utils"
-version = "*"
-</xccdf-1.1:fix>
           <xccdf-1.1:fix system="urn:xccdf:fix:script:puppet" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_gnutls-utils
 
 class install_gnutls-utils {
@@ -3511,6 +3506,11 @@
   }
 }
 </xccdf-1.1:fix>
+          <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_gnutls-utils_installed">
+[[packages]]
+name = "gnutls-utils"
+version = "*"
+</xccdf-1.1:fix>
           <xccdf-1.1:fix system="urn:xccdf:fix:script:ansible" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure gnutls-utils is installed
   package:
     name: gnutls-utils
@@ -3545,11 +3545,6 @@
           <xccdf-1.1:fix system="urn:xccdf:fix:script:sh" id="package_nss-tools_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
 DEBIAN_FRONTEND=noninteractive apt-get install -y "nss-tools"
 </xccdf-1.1:fix>
-          <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_nss-tools_installed">
-[[packages]]
-name = "nss-tools"
-version = "*"
-</xccdf-1.1:fix>
           <xccdf-1.1:fix system="urn:xccdf:fix:script:puppet" id="package_nss-tools_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_nss-tools
 
 class install_nss-tools {
@@ -3558,6 +3553,11 @@
   }
 }
 </xccdf-1.1:fix>
+          <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_nss-tools_installed">
+[[packages]]
+name = "nss-tools"
+version = "*"
+</xccdf-1.1:fix>
           <xccdf-1.1:fix system="urn:xccdf:fix:script:ansible" id="package_nss-tools_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure nss-tools is installed
   package:
     name: nss-tools
@@ -6543,11 +6543,6 @@
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
 </xccdf-1.1:fix>
-        <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_audit-audispd-plugins_installed">
-[[packages]]
-name = "audispd-plugins"
-version = "*"
-</xccdf-1.1:fix>
         <xccdf-1.1:fix system="urn:xccdf:fix:script:puppet" id="package_audit-audispd-plugins_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_audispd-plugins
 
 class install_audispd-plugins {
@@ -6556,6 +6551,11 @@
   }
 }
 </xccdf-1.1:fix>
+        <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_audit-audispd-plugins_installed">
+[[packages]]
+name = "audispd-plugins"
+version = "*"
+</xccdf-1.1:fix>
         <xccdf-1.1:fix system="urn:xccdf:fix:script:ansible" id="package_audit-audispd-plugins_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure audispd-plugins is installed
   package:
     name: audispd-plugins
@@ -6637,11 +6637,6 @@
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
 </xccdf-1.1:fix>
-        <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_audit_installed">
-[[packages]]
-name = "auditd"
-version = "*"
-</xccdf-1.1:fix>
         <xccdf-1.1:fix system="urn:xccdf:fix:script:puppet" id="package_audit_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_auditd
 
 class install_auditd {
@@ -6650,6 +6645,11 @@
   }
 }
 </xccdf-1.1:fix>
/usr/share/xml/scap/ssg/content/ssg-ubuntu1804-ds-1.2.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-ubuntu1804-ds-1.2.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-ubuntu1804-ds-1.2.xml	2022-07-15 00:00:00.000000000 +0000
@@ -139,19 +139,9 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.2:rear-matter>
       <cpe-lang:platform-specification>
-        <cpe-lang:platform id="audit">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:audit"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="pam">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:pam"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="sssd">
+        <cpe-lang:platform id="uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="grub2">
@@ -164,14 +154,19 @@
             <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="non-uefi">
+        <cpe-lang:platform id="chrony">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="chrony">
+        <cpe-lang:platform id="login_defs">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="sssd">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="postfix">
@@ -179,34 +174,39 @@
             <cpe-lang:fact-ref name="cpe:/a:postfix"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="uefi">
+        <cpe-lang:platform id="ntp">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sudo">
+        <cpe-lang:platform id="pam">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+            <cpe-lang:fact-ref name="cpe:/a:pam"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="machine">
+        <cpe-lang:platform id="audit">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:machine"/>
+            <cpe-lang:fact-ref name="cpe:/a:audit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="s390x_arch">
+        <cpe-lang:platform id="gdm">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="login_defs">
+        <cpe-lang:platform id="machine">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+            <cpe-lang:fact-ref name="cpe:/a:machine"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="ntp">
+        <cpe-lang:platform id="sudo">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="s390x_arch">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="not_s390x_arch">
@@ -214,9 +214,9 @@
             <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="gdm">
+        <cpe-lang:platform id="non-uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
+            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
       </cpe-lang:platform-specification>
@@ -3927,11 +3927,6 @@
               <xccdf-1.2:fix system="urn:xccdf:fix:script:sh" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
 DEBIAN_FRONTEND=noninteractive apt-get install -y "gnutls-utils"
 </xccdf-1.2:fix>
-              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_gnutls-utils_installed">
-[[packages]]
-name = "gnutls-utils"
-version = "*"
-</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_gnutls-utils
 
 class install_gnutls-utils {
@@ -3940,6 +3935,11 @@
   }
 }
 </xccdf-1.2:fix>
+              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_gnutls-utils_installed">
+[[packages]]
+name = "gnutls-utils"
+version = "*"
+</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:ansible" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure gnutls-utils is installed
   package:
     name: gnutls-utils
@@ -3974,11 +3974,6 @@
               <xccdf-1.2:fix system="urn:xccdf:fix:script:sh" id="package_nss-tools_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
 DEBIAN_FRONTEND=noninteractive apt-get install -y "nss-tools"
 </xccdf-1.2:fix>
-              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_nss-tools_installed">
-[[packages]]
-name = "nss-tools"
-version = "*"
-</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_nss-tools_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_nss-tools
 
 class install_nss-tools {
@@ -3987,6 +3982,11 @@
   }
 }
 </xccdf-1.2:fix>
+              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_nss-tools_installed">
+[[packages]]
+name = "nss-tools"
+version = "*"
+</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:ansible" id="package_nss-tools_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure nss-tools is installed
   package:
     name: nss-tools
@@ -6970,11 +6970,6 @@
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
 </xccdf-1.2:fix>
-            <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_audit-audispd-plugins_installed">
-[[packages]]
-name = "audispd-plugins"
-version = "*"
-</xccdf-1.2:fix>
             <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_audit-audispd-plugins_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_audispd-plugins
 
 class install_audispd-plugins {
@@ -6983,6 +6978,11 @@
   }
 }
 </xccdf-1.2:fix>
+            <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_audit-audispd-plugins_installed">
+[[packages]]
+name = "audispd-plugins"
+version = "*"
+</xccdf-1.2:fix>
             <xccdf-1.2:fix system="urn:xccdf:fix:script:ansible" id="package_audit-audispd-plugins_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure audispd-plugins is installed
   package:
     name: audispd-plugins
@@ -7064,11 +7064,6 @@
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
 </xccdf-1.2:fix>
-            <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_audit_installed">
-[[packages]]
-name = "auditd"
-version = "*"
-</xccdf-1.2:fix>
             <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_audit_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_auditd
 
 class install_auditd {
@@ -7077,6 +7072,11 @@
   }
 }
 </xccdf-1.2:fix>
/usr/share/xml/scap/ssg/content/ssg-ubuntu1804-ds.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-ubuntu1804-ds.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-ubuntu1804-ds.xml	2022-07-15 00:00:00.000000000 +0000
@@ -139,19 +139,9 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.2:rear-matter>
       <cpe-lang:platform-specification>
-        <cpe-lang:platform id="audit">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:audit"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="pam">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:pam"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="sssd">
+        <cpe-lang:platform id="uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="grub2">
@@ -164,14 +154,19 @@
             <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="non-uefi">
+        <cpe-lang:platform id="chrony">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="chrony">
+        <cpe-lang:platform id="login_defs">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="sssd">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="postfix">
@@ -179,34 +174,39 @@
             <cpe-lang:fact-ref name="cpe:/a:postfix"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="uefi">
+        <cpe-lang:platform id="ntp">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sudo">
+        <cpe-lang:platform id="pam">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+            <cpe-lang:fact-ref name="cpe:/a:pam"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="machine">
+        <cpe-lang:platform id="audit">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:machine"/>
+            <cpe-lang:fact-ref name="cpe:/a:audit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="s390x_arch">
+        <cpe-lang:platform id="gdm">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="login_defs">
+        <cpe-lang:platform id="machine">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+            <cpe-lang:fact-ref name="cpe:/a:machine"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="ntp">
+        <cpe-lang:platform id="sudo">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="s390x_arch">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="not_s390x_arch">
@@ -214,9 +214,9 @@
             <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="gdm">
+        <cpe-lang:platform id="non-uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
+            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
       </cpe-lang:platform-specification>
@@ -3927,11 +3927,6 @@
               <xccdf-1.2:fix system="urn:xccdf:fix:script:sh" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
 DEBIAN_FRONTEND=noninteractive apt-get install -y "gnutls-utils"
 </xccdf-1.2:fix>
-              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_gnutls-utils_installed">
-[[packages]]
-name = "gnutls-utils"
-version = "*"
-</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_gnutls-utils
 
 class install_gnutls-utils {
@@ -3940,6 +3935,11 @@
   }
 }
 </xccdf-1.2:fix>
+              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_gnutls-utils_installed">
+[[packages]]
+name = "gnutls-utils"
+version = "*"
+</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:ansible" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure gnutls-utils is installed
   package:
     name: gnutls-utils
@@ -3974,11 +3974,6 @@
               <xccdf-1.2:fix system="urn:xccdf:fix:script:sh" id="package_nss-tools_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
 DEBIAN_FRONTEND=noninteractive apt-get install -y "nss-tools"
 </xccdf-1.2:fix>
-              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_nss-tools_installed">
-[[packages]]
-name = "nss-tools"
-version = "*"
-</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_nss-tools_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_nss-tools
 
 class install_nss-tools {
@@ -3987,6 +3982,11 @@
   }
 }
 </xccdf-1.2:fix>
+              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_nss-tools_installed">
+[[packages]]
+name = "nss-tools"
+version = "*"
+</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:ansible" id="package_nss-tools_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure nss-tools is installed
   package:
     name: nss-tools
@@ -6970,11 +6970,6 @@
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
 </xccdf-1.2:fix>
-            <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_audit-audispd-plugins_installed">
-[[packages]]
-name = "audispd-plugins"
-version = "*"
-</xccdf-1.2:fix>
             <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_audit-audispd-plugins_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_audispd-plugins
 
 class install_audispd-plugins {
@@ -6983,6 +6978,11 @@
   }
 }
 </xccdf-1.2:fix>
+            <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_audit-audispd-plugins_installed">
+[[packages]]
+name = "audispd-plugins"
+version = "*"
+</xccdf-1.2:fix>
             <xccdf-1.2:fix system="urn:xccdf:fix:script:ansible" id="package_audit-audispd-plugins_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure audispd-plugins is installed
   package:
     name: audispd-plugins
@@ -7064,11 +7064,6 @@
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
 </xccdf-1.2:fix>
-            <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_audit_installed">
-[[packages]]
-name = "auditd"
-version = "*"
-</xccdf-1.2:fix>
             <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_audit_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_auditd
 
 class install_auditd {
@@ -7077,6 +7072,11 @@
   }
 }
 </xccdf-1.2:fix>
/usr/share/xml/scap/ssg/content/ssg-ubuntu1804-ocil.xml differs (XML 1.0 document, ASCII text)
--- old//usr/share/xml/scap/ssg/content/ssg-ubuntu1804-ocil.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-ubuntu1804-ocil.xml	2022-07-15 00:00:00.000000000 +0000
@@ -7,22 +7,16 @@
     <ocil:timestamp>2022-07-15T00:00:00</ocil:timestamp>
   </ocil:generator>
   <ocil:questionnaires>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_file_deletion_events_rename_ocil:questionnaire:1">
-      <ocil:title>Ensure auditd Collects File Deletion Events by User - rename</ocil:title>
-      <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-audit_rules_file_deletion_events_rename_action:testaction:1</ocil:test_action_ref>
-      </ocil:actions>
-    </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sysctl_net_ipv4_conf_all_accept_local_ocil:questionnaire:1">
-      <ocil:title>Disable Accepting Packets Routed Between Local Interfaces</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sudo_remove_nopasswd_ocil:questionnaire:1">
+      <ocil:title>Ensure Users Re-Authenticate for Privilege Escalation - sudo NOPASSWD</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_accept_local_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sudo_remove_nopasswd_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-auditd_data_disk_error_action_ocil:questionnaire:1">
-      <ocil:title>Configure auditd Disk Error Action on Disk Error</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sshd_disable_pubkey_auth_ocil:questionnaire:1">
+      <ocil:title>Disable PubkeyAuthentication Authentication</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-auditd_data_disk_error_action_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sshd_disable_pubkey_auth_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
     <ocil:questionnaire id="ocil:ssg-mount_option_var_tmp_noexec_ocil:questionnaire:1">
@@ -31,244 +25,244 @@
         <ocil:test_action_ref>ocil:ssg-mount_option_var_tmp_noexec_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-directory_access_var_log_audit_ocil:questionnaire:1">
-      <ocil:title>Record Access Events to Audit Log Directory</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-accounts_password_all_shadowed_ocil:questionnaire:1">
+      <ocil:title>Verify All Account Password Hashes are Shadowed</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-directory_access_var_log_audit_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-accounts_password_all_shadowed_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-auditd_data_retention_action_mail_acct_ocil:questionnaire:1">
-      <ocil:title>Configure auditd mail_acct Action on Low Disk Space</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-kernel_config_unmap_kernel_at_el0_ocil:questionnaire:1">
+      <ocil:title>Unmap kernel when running in userspace (aka KAISER)</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-auditd_data_retention_action_mail_acct_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-kernel_config_unmap_kernel_at_el0_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-rsyslog_encrypt_offload_actionsendstreamdriverauthmode_ocil:questionnaire:1">
-      <ocil:title>Ensure Rsyslog Authenticates Off-Loaded Audit Records</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-kernel_config_module_sig_force_ocil:questionnaire:1">
+      <ocil:title>Require modules to be validly signed</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-rsyslog_encrypt_offload_actionsendstreamdriverauthmode_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-kernel_config_module_sig_force_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-file_owner_etc_group_ocil:questionnaire:1">
-      <ocil:title>Verify User Who Owns group File</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-file_permissions_sshd_private_key_ocil:questionnaire:1">
+      <ocil:title>Verify Permissions on SSH Server Private *_key Key Files</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-file_owner_etc_group_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-file_permissions_sshd_private_key_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-no_password_auth_for_systemaccounts_ocil:questionnaire:1">
-      <ocil:title>Ensure that System Accounts Are Locked</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-harden_ssh_client_crypto_policy_ocil:questionnaire:1">
+      <ocil:title>Harden SSH client Crypto Policy</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-no_password_auth_for_systemaccounts_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-harden_ssh_client_crypto_policy_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-file_permissions_backup_etc_passwd_ocil:questionnaire:1">
-      <ocil:title>Verify Permissions on Backup passwd File</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-accounts_no_uid_except_zero_ocil:questionnaire:1">
+      <ocil:title>Verify Only Root Has UID 0</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-file_permissions_backup_etc_passwd_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-accounts_no_uid_except_zero_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_mac_modification_ocil:questionnaire:1">
-      <ocil:title>Record Events that Modify the System's Mandatory Access Controls</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-audit_rules_dac_modification_fchownat_ocil:questionnaire:1">
+      <ocil:title>Record Events that Modify the System's Discretionary Access Controls - fchownat</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-audit_rules_mac_modification_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_fchownat_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sshd_disable_compression_ocil:questionnaire:1">
-      <ocil:title>Disable Compression Or Set Compression to delayed</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-directory_access_var_log_audit_ocil:questionnaire:1">
+      <ocil:title>Record Access Events to Audit Log Directory</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sshd_disable_compression_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-directory_access_var_log_audit_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-file_owner_var_log_ocil:questionnaire:1">
-      <ocil:title>Verify User Who Owns /var/log Directory</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sshd_enable_strictmodes_ocil:questionnaire:1">
+      <ocil:title>Enable Use of Strict Mode Checking</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-file_owner_var_log_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sshd_enable_strictmodes_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-kernel_config_module_sig_sha512_ocil:questionnaire:1">
-      <ocil:title>Sign kernel modules with SHA-512</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-auditd_data_retention_max_log_file_action_ocil:questionnaire:1">
+      <ocil:title>Configure auditd max_log_file_action Upon Reaching Maximum Log Size</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-kernel_config_module_sig_sha512_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-auditd_data_retention_max_log_file_action_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sshd_allow_only_protocol2_ocil:questionnaire:1">
-      <ocil:title>Allow Only SSH Protocol 2</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-service_ntpd_enabled_ocil:questionnaire:1">
+      <ocil:title>Enable the NTP Daemon</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sshd_allow_only_protocol2_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-service_ntpd_enabled_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-package_syslogng_installed_ocil:questionnaire:1">
-      <ocil:title>Ensure syslog-ng is Installed</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-prefer_64bit_os_ocil:questionnaire:1">
+      <ocil:title>Prefer to use a 64-bit Operating System when supported</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-package_syslogng_installed_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-prefer_64bit_os_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-kernel_config_module_sig_hash_ocil:questionnaire:1">
-      <ocil:title>Specify the hash to use when signing modules</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-file_ownership_binary_dirs_ocil:questionnaire:1">
+      <ocil:title>Verify that System Executables Have Root Ownership</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-kernel_config_module_sig_hash_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-file_ownership_binary_dirs_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sysctl_kernel_randomize_va_space_ocil:questionnaire:1">
-      <ocil:title>Enable Randomized Layout of Virtual Address Space</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sshd_set_login_grace_time_ocil:questionnaire:1">
+      <ocil:title>Ensure SSH LoginGraceTime is configured</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sysctl_kernel_randomize_va_space_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sshd_set_login_grace_time_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-file_owner_etc_passwd_ocil:questionnaire:1">
-      <ocil:title>Verify User Who Owns passwd File</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sysctl_net_ipv4_conf_all_accept_local_ocil:questionnaire:1">
+      <ocil:title>Disable Accepting Packets Routed Between Local Interfaces</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-file_owner_etc_passwd_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_accept_local_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sshd_set_keepalive_ocil:questionnaire:1">
-      <ocil:title>Set SSH Client Alive Count Max</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-file_owner_backup_etc_passwd_ocil:questionnaire:1">
+      <ocil:title>Verify User Who Owns Backup passwd File</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sshd_set_keepalive_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-file_owner_backup_etc_passwd_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-package_rsyslog_installed_ocil:questionnaire:1">
-      <ocil:title>Ensure rsyslog is Installed</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-mount_option_dev_shm_nosuid_ocil:questionnaire:1">
+      <ocil:title>Add nosuid Option to /dev/shm</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-package_rsyslog_installed_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-mount_option_dev_shm_nosuid_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-mount_option_dev_shm_nodev_ocil:questionnaire:1">
-      <ocil:title>Add nodev Option to /dev/shm</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-ensure_logrotate_activated_ocil:questionnaire:1">
+      <ocil:title>Ensure Logrotate Runs Periodically</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-mount_option_dev_shm_nodev_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-ensure_logrotate_activated_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-file_owner_etc_gshadow_ocil:questionnaire:1">
-      <ocil:title>Verify User Who Owns gshadow File</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-partition_for_var_ocil:questionnaire:1">
/usr/share/xml/scap/ssg/content/ssg-ubuntu1804-xccdf.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-ubuntu1804-xccdf.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-ubuntu1804-xccdf.xml	2022-07-15 00:00:00.000000000 +0000
@@ -43,19 +43,9 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.1:rear-matter>
   <cpe-lang:platform-specification>
-    <cpe-lang:platform id="audit">
-      <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:audit"/>
-      </cpe-lang:logical-test>
-    </cpe-lang:platform>
-    <cpe-lang:platform id="pam">
-      <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:pam"/>
-      </cpe-lang:logical-test>
-    </cpe-lang:platform>
-    <cpe-lang:platform id="sssd">
+    <cpe-lang:platform id="uefi">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+        <cpe-lang:fact-ref name="cpe:/a:uefi"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="grub2">
@@ -68,14 +58,19 @@
         <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="non-uefi">
+    <cpe-lang:platform id="chrony">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+        <cpe-lang:fact-ref name="cpe:/a:chrony"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="chrony">
+    <cpe-lang:platform id="login_defs">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+        <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+      </cpe-lang:logical-test>
+    </cpe-lang:platform>
+    <cpe-lang:platform id="sssd">
+      <cpe-lang:logical-test operator="AND" negate="false">
+        <cpe-lang:fact-ref name="cpe:/a:sssd"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="postfix">
@@ -83,34 +78,39 @@
         <cpe-lang:fact-ref name="cpe:/a:postfix"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="uefi">
+    <cpe-lang:platform id="ntp">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+        <cpe-lang:fact-ref name="cpe:/a:ntp"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="sudo">
+    <cpe-lang:platform id="pam">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+        <cpe-lang:fact-ref name="cpe:/a:pam"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="machine">
+    <cpe-lang:platform id="audit">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:machine"/>
+        <cpe-lang:fact-ref name="cpe:/a:audit"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="s390x_arch">
+    <cpe-lang:platform id="gdm">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
+        <cpe-lang:fact-ref name="cpe:/a:gdm"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="login_defs">
+    <cpe-lang:platform id="machine">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+        <cpe-lang:fact-ref name="cpe:/a:machine"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="ntp">
+    <cpe-lang:platform id="sudo">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+        <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+      </cpe-lang:logical-test>
+    </cpe-lang:platform>
+    <cpe-lang:platform id="s390x_arch">
+      <cpe-lang:logical-test operator="AND" negate="false">
+        <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="not_s390x_arch">
@@ -118,9 +118,9 @@
         <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="gdm">
+    <cpe-lang:platform id="non-uefi">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:gdm"/>
+        <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
   </cpe-lang:platform-specification>
@@ -3831,11 +3831,6 @@
           <xccdf-1.1:fix system="urn:xccdf:fix:script:sh" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
 DEBIAN_FRONTEND=noninteractive apt-get install -y "gnutls-utils"
 </xccdf-1.1:fix>
-          <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_gnutls-utils_installed">
-[[packages]]
-name = "gnutls-utils"
-version = "*"
-</xccdf-1.1:fix>
           <xccdf-1.1:fix system="urn:xccdf:fix:script:puppet" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_gnutls-utils
 
 class install_gnutls-utils {
@@ -3844,6 +3839,11 @@
   }
 }
 </xccdf-1.1:fix>
+          <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_gnutls-utils_installed">
+[[packages]]
+name = "gnutls-utils"
+version = "*"
+</xccdf-1.1:fix>
           <xccdf-1.1:fix system="urn:xccdf:fix:script:ansible" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure gnutls-utils is installed
   package:
     name: gnutls-utils
@@ -3878,11 +3878,6 @@
           <xccdf-1.1:fix system="urn:xccdf:fix:script:sh" id="package_nss-tools_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
 DEBIAN_FRONTEND=noninteractive apt-get install -y "nss-tools"
 </xccdf-1.1:fix>
-          <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_nss-tools_installed">
-[[packages]]
-name = "nss-tools"
-version = "*"
-</xccdf-1.1:fix>
           <xccdf-1.1:fix system="urn:xccdf:fix:script:puppet" id="package_nss-tools_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_nss-tools
 
 class install_nss-tools {
@@ -3891,6 +3886,11 @@
   }
 }
 </xccdf-1.1:fix>
+          <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_nss-tools_installed">
+[[packages]]
+name = "nss-tools"
+version = "*"
+</xccdf-1.1:fix>
           <xccdf-1.1:fix system="urn:xccdf:fix:script:ansible" id="package_nss-tools_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure nss-tools is installed
   package:
     name: nss-tools
@@ -6874,11 +6874,6 @@
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
 </xccdf-1.1:fix>
-        <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_audit-audispd-plugins_installed">
-[[packages]]
-name = "audispd-plugins"
-version = "*"
-</xccdf-1.1:fix>
         <xccdf-1.1:fix system="urn:xccdf:fix:script:puppet" id="package_audit-audispd-plugins_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_audispd-plugins
 
 class install_audispd-plugins {
@@ -6887,6 +6882,11 @@
   }
 }
 </xccdf-1.1:fix>
+        <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_audit-audispd-plugins_installed">
+[[packages]]
+name = "audispd-plugins"
+version = "*"
+</xccdf-1.1:fix>
         <xccdf-1.1:fix system="urn:xccdf:fix:script:ansible" id="package_audit-audispd-plugins_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure audispd-plugins is installed
   package:
     name: audispd-plugins
@@ -6968,11 +6968,6 @@
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
 </xccdf-1.1:fix>
-        <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_audit_installed">
-[[packages]]
-name = "auditd"
-version = "*"
-</xccdf-1.1:fix>
         <xccdf-1.1:fix system="urn:xccdf:fix:script:puppet" id="package_audit_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_auditd
 
 class install_auditd {
@@ -6981,6 +6976,11 @@
   }
 }
 </xccdf-1.1:fix>
/usr/share/xml/scap/ssg/content/ssg-ubuntu2004-ds-1.2.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-ubuntu2004-ds-1.2.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-ubuntu2004-ds-1.2.xml	2022-07-15 00:00:00.000000000 +0000
@@ -147,19 +147,14 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.2:rear-matter>
       <cpe-lang:platform-specification>
-        <cpe-lang:platform id="audit">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:audit"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="pam">
+        <cpe-lang:platform id="uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:pam"/>
+            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sssd">
+        <cpe-lang:platform id="systemd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+            <cpe-lang:fact-ref name="cpe:/a:systemd"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="grub2">
@@ -167,70 +162,75 @@
             <cpe-lang:fact-ref name="cpe:/a:grub2"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="wifi-iface">
+        <cpe-lang:platform id="aarch64_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
+            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="aarch64_arch">
+        <cpe-lang:platform id="chrony">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="non-uefi">
+        <cpe-lang:platform id="login_defs">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="chrony">
+        <cpe-lang:platform id="sssd">
           <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="chrony_or_ntp">
+          <cpe-lang:logical-test operator="OR" negate="false">
             <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="postfix">
+        <cpe-lang:platform id="wifi-iface">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:postfix"/>
+            <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="uefi">
+        <cpe-lang:platform id="postfix">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:postfix"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sudo">
+        <cpe-lang:platform id="ntp">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="machine">
+        <cpe-lang:platform id="pam">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:machine"/>
+            <cpe-lang:fact-ref name="cpe:/a:pam"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="s390x_arch">
+        <cpe-lang:platform id="audit">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:audit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="chrony_or_ntp">
-          <cpe-lang:logical-test operator="OR" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+        <cpe-lang:platform id="gdm">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="login_defs">
+        <cpe-lang:platform id="machine">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+            <cpe-lang:fact-ref name="cpe:/a:machine"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="systemd">
+        <cpe-lang:platform id="sudo">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:systemd"/>
+            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="ntp">
+        <cpe-lang:platform id="s390x_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="not_s390x_arch">
@@ -238,9 +238,9 @@
             <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="gdm">
+        <cpe-lang:platform id="non-uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
+            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
       </cpe-lang:platform-specification>
@@ -3067,11 +3067,6 @@
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
 </xccdf-1.2:fix>
-                  <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_aide_installed">
-[[packages]]
-name = "aide"
-version = "*"
-</xccdf-1.2:fix>
                   <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_aide
 
 class install_aide {
@@ -3080,6 +3075,11 @@
   }
 }
 </xccdf-1.2:fix>
+                  <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_aide_installed">
+[[packages]]
+name = "aide"
+version = "*"
+</xccdf-1.2:fix>
                   <xccdf-1.2:fix system="urn:xccdf:fix:script:ansible" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure aide is installed
   package:
     name: aide
@@ -5194,11 +5194,6 @@
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
 </xccdf-1.2:fix>
-              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_sudo_installed">
-[[packages]]
-name = "sudo"
-version = "*"
-</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_sudo_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_sudo
 
 class install_sudo {
@@ -5207,6 +5202,11 @@
   }
 }
 </xccdf-1.2:fix>
+              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_sudo_installed">
+[[packages]]
+name = "sudo"
+version = "*"
+</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:ansible" id="package_sudo_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure sudo is installed
   package:
     name: sudo
@@ -5976,11 +5976,6 @@
               <xccdf-1.2:fix system="urn:xccdf:fix:script:sh" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
 DEBIAN_FRONTEND=noninteractive apt-get install -y "gnutls-utils"
 </xccdf-1.2:fix>
-              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_gnutls-utils_installed">
-[[packages]]
-name = "gnutls-utils"
-version = "*"
-</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_gnutls-utils
 
/usr/share/xml/scap/ssg/content/ssg-ubuntu2004-ds.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-ubuntu2004-ds.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-ubuntu2004-ds.xml	2022-07-15 00:00:00.000000000 +0000
@@ -147,19 +147,14 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.2:rear-matter>
       <cpe-lang:platform-specification>
-        <cpe-lang:platform id="audit">
-          <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:audit"/>
-          </cpe-lang:logical-test>
-        </cpe-lang:platform>
-        <cpe-lang:platform id="pam">
+        <cpe-lang:platform id="uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:pam"/>
+            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sssd">
+        <cpe-lang:platform id="systemd">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+            <cpe-lang:fact-ref name="cpe:/a:systemd"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="grub2">
@@ -167,70 +162,75 @@
             <cpe-lang:fact-ref name="cpe:/a:grub2"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="wifi-iface">
+        <cpe-lang:platform id="aarch64_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
+            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="aarch64_arch">
+        <cpe-lang:platform id="chrony">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="non-uefi">
+        <cpe-lang:platform id="login_defs">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="chrony">
+        <cpe-lang:platform id="sssd">
           <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+          </cpe-lang:logical-test>
+        </cpe-lang:platform>
+        <cpe-lang:platform id="chrony_or_ntp">
+          <cpe-lang:logical-test operator="OR" negate="false">
             <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="postfix">
+        <cpe-lang:platform id="wifi-iface">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:postfix"/>
+            <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="uefi">
+        <cpe-lang:platform id="postfix">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+            <cpe-lang:fact-ref name="cpe:/a:postfix"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="sudo">
+        <cpe-lang:platform id="ntp">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="machine">
+        <cpe-lang:platform id="pam">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:machine"/>
+            <cpe-lang:fact-ref name="cpe:/a:pam"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="s390x_arch">
+        <cpe-lang:platform id="audit">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
+            <cpe-lang:fact-ref name="cpe:/a:audit"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="chrony_or_ntp">
-          <cpe-lang:logical-test operator="OR" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:chrony"/>
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+        <cpe-lang:platform id="gdm">
+          <cpe-lang:logical-test operator="AND" negate="false">
+            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="login_defs">
+        <cpe-lang:platform id="machine">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+            <cpe-lang:fact-ref name="cpe:/a:machine"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="systemd">
+        <cpe-lang:platform id="sudo">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:systemd"/>
+            <cpe-lang:fact-ref name="cpe:/a:sudo"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="ntp">
+        <cpe-lang:platform id="s390x_arch">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+            <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
         <cpe-lang:platform id="not_s390x_arch">
@@ -238,9 +238,9 @@
             <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
-        <cpe-lang:platform id="gdm">
+        <cpe-lang:platform id="non-uefi">
           <cpe-lang:logical-test operator="AND" negate="false">
-            <cpe-lang:fact-ref name="cpe:/a:gdm"/>
+            <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
           </cpe-lang:logical-test>
         </cpe-lang:platform>
       </cpe-lang:platform-specification>
@@ -3067,11 +3067,6 @@
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
 </xccdf-1.2:fix>
-                  <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_aide_installed">
-[[packages]]
-name = "aide"
-version = "*"
-</xccdf-1.2:fix>
                   <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_aide
 
 class install_aide {
@@ -3080,6 +3075,11 @@
   }
 }
 </xccdf-1.2:fix>
+                  <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_aide_installed">
+[[packages]]
+name = "aide"
+version = "*"
+</xccdf-1.2:fix>
                   <xccdf-1.2:fix system="urn:xccdf:fix:script:ansible" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure aide is installed
   package:
     name: aide
@@ -5194,11 +5194,6 @@
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
 </xccdf-1.2:fix>
-              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_sudo_installed">
-[[packages]]
-name = "sudo"
-version = "*"
-</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_sudo_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_sudo
 
 class install_sudo {
@@ -5207,6 +5202,11 @@
   }
 }
 </xccdf-1.2:fix>
+              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_sudo_installed">
+[[packages]]
+name = "sudo"
+version = "*"
+</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:ansible" id="package_sudo_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure sudo is installed
   package:
     name: sudo
@@ -5976,11 +5976,6 @@
               <xccdf-1.2:fix system="urn:xccdf:fix:script:sh" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
 DEBIAN_FRONTEND=noninteractive apt-get install -y "gnutls-utils"
 </xccdf-1.2:fix>
-              <xccdf-1.2:fix system="urn:redhat:osbuild:blueprint" id="package_gnutls-utils_installed">
-[[packages]]
-name = "gnutls-utils"
-version = "*"
-</xccdf-1.2:fix>
               <xccdf-1.2:fix system="urn:xccdf:fix:script:puppet" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_gnutls-utils
 
/usr/share/xml/scap/ssg/content/ssg-ubuntu2004-ocil.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-ubuntu2004-ocil.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-ubuntu2004-ocil.xml	2022-07-15 00:00:00.000000000 +0000
@@ -7,598 +7,598 @@
     <ocil:timestamp>2022-07-15T00:00:00</ocil:timestamp>
   </ocil:generator>
   <ocil:questionnaires>
-    <ocil:questionnaire id="ocil:ssg-file_groupownership_audit_binaries_ocil:questionnaire:1">
-      <ocil:title>Verify that audit tools are owned by group root</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sudo_remove_nopasswd_ocil:questionnaire:1">
+      <ocil:title>Ensure Users Re-Authenticate for Privilege Escalation - sudo NOPASSWD</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-file_groupownership_audit_binaries_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sudo_remove_nopasswd_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_file_deletion_events_rename_ocil:questionnaire:1">
-      <ocil:title>Ensure auditd Collects File Deletion Events by User - rename</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sshd_disable_pubkey_auth_ocil:questionnaire:1">
+      <ocil:title>Disable PubkeyAuthentication Authentication</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-audit_rules_file_deletion_events_rename_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sshd_disable_pubkey_auth_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_execution_chacl_ocil:questionnaire:1">
-      <ocil:title>Record Any Attempts to Run chacl</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-package_sudo_installed_ocil:questionnaire:1">
+      <ocil:title>Install sudo Package</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-audit_rules_execution_chacl_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-package_sudo_installed_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sysctl_net_ipv4_conf_all_accept_local_ocil:questionnaire:1">
-      <ocil:title>Disable Accepting Packets Routed Between Local Interfaces</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-accounts_password_all_shadowed_ocil:questionnaire:1">
+      <ocil:title>Verify All Account Password Hashes are Shadowed</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_accept_local_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-accounts_password_all_shadowed_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-auditd_data_disk_error_action_ocil:questionnaire:1">
-      <ocil:title>Configure auditd Disk Error Action on Disk Error</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-kernel_config_unmap_kernel_at_el0_ocil:questionnaire:1">
+      <ocil:title>Unmap kernel when running in userspace (aka KAISER)</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-auditd_data_disk_error_action_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-kernel_config_unmap_kernel_at_el0_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sshd_x11_use_localhost_ocil:questionnaire:1">
-      <ocil:title>Prevent remote hosts from connecting to the proxy display</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-package_samba_removed_ocil:questionnaire:1">
+      <ocil:title>Uninstall Samba Package</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sshd_x11_use_localhost_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-package_samba_removed_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sysctl_net_ipv4_conf_all_accept_source_route_ocil:questionnaire:1">
-      <ocil:title>Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-kernel_config_module_sig_force_ocil:questionnaire:1">
+      <ocil:title>Require modules to be validly signed</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_accept_source_route_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-kernel_config_module_sig_force_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-directory_access_var_log_audit_ocil:questionnaire:1">
-      <ocil:title>Record Access Events to Audit Log Directory</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-file_permissions_sshd_private_key_ocil:questionnaire:1">
+      <ocil:title>Verify Permissions on SSH Server Private *_key Key Files</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-directory_access_var_log_audit_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-file_permissions_sshd_private_key_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-auditd_data_retention_action_mail_acct_ocil:questionnaire:1">
-      <ocil:title>Configure auditd mail_acct Action on Low Disk Space</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-harden_ssh_client_crypto_policy_ocil:questionnaire:1">
+      <ocil:title>Harden SSH client Crypto Policy</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-auditd_data_retention_action_mail_acct_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-harden_ssh_client_crypto_policy_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-file_permissions_audit_binaries_ocil:questionnaire:1">
-      <ocil:title>Verify that audit tools Have Mode 0755 or less</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-package_squid_removed_ocil:questionnaire:1">
+      <ocil:title>Uninstall squid Package</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-file_permissions_audit_binaries_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-package_squid_removed_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-rsyslog_encrypt_offload_actionsendstreamdriverauthmode_ocil:questionnaire:1">
-      <ocil:title>Ensure Rsyslog Authenticates Off-Loaded Audit Records</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-accounts_no_uid_except_zero_ocil:questionnaire:1">
+      <ocil:title>Verify Only Root Has UID 0</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-rsyslog_encrypt_offload_actionsendstreamdriverauthmode_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-accounts_no_uid_except_zero_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-file_owner_etc_group_ocil:questionnaire:1">
-      <ocil:title>Verify User Who Owns group File</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-file_groupowner_sshd_config_ocil:questionnaire:1">
+      <ocil:title>Verify Group Who Owns SSH Server config file</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-file_owner_etc_group_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-file_groupowner_sshd_config_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-no_password_auth_for_systemaccounts_ocil:questionnaire:1">
-      <ocil:title>Ensure that System Accounts Are Locked</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sshd_use_approved_ciphers_ordered_stig_ocil:questionnaire:1">
+      <ocil:title>Use Only FIPS 140-2 Validated Ciphers</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-no_password_auth_for_systemaccounts_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sshd_use_approved_ciphers_ordered_stig_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_privileged_commands_unix_chkpwd_ocil:questionnaire:1">
-      <ocil:title>Ensure auditd Collects Information on the Use of Privileged Commands - unix_chkpwd</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-audit_rules_kernel_module_loading_delete_ocil:questionnaire:1">
+      <ocil:title>Ensure auditd Collects Information on Kernel Module Unloading - delete_module</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-audit_rules_privileged_commands_unix_chkpwd_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-audit_rules_kernel_module_loading_delete_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-file_permissions_backup_etc_passwd_ocil:questionnaire:1">
-      <ocil:title>Verify Permissions on Backup passwd File</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-file_ownership_var_log_audit_stig_ocil:questionnaire:1">
+      <ocil:title>System Audit Logs Must Be Owned By Root</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-file_permissions_backup_etc_passwd_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-file_ownership_var_log_audit_stig_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_mac_modification_ocil:questionnaire:1">
-      <ocil:title>Record Events that Modify the System's Mandatory Access Controls</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-audit_rules_dac_modification_fchownat_ocil:questionnaire:1">
+      <ocil:title>Record Events that Modify the System's Discretionary Access Controls - fchownat</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-audit_rules_mac_modification_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_fchownat_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-set_password_hashing_algorithm_logindefs_ocil:questionnaire:1">
-      <ocil:title>Set Password Hashing Algorithm in /etc/login.defs</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-directory_access_var_log_audit_ocil:questionnaire:1">
+      <ocil:title>Record Access Events to Audit Log Directory</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-set_password_hashing_algorithm_logindefs_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-directory_access_var_log_audit_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sshd_disable_compression_ocil:questionnaire:1">
-      <ocil:title>Disable Compression Or Set Compression to delayed</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-sshd_enable_strictmodes_ocil:questionnaire:1">
+      <ocil:title>Enable Use of Strict Mode Checking</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sshd_disable_compression_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-sshd_enable_strictmodes_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-file_owner_var_log_ocil:questionnaire:1">
-      <ocil:title>Verify User Who Owns /var/log Directory</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-chronyd_sync_clock_ocil:questionnaire:1">
+      <ocil:title>Synchronize internal information system clocks</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-file_owner_var_log_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-chronyd_sync_clock_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-kernel_config_module_sig_sha512_ocil:questionnaire:1">
-      <ocil:title>Sign kernel modules with SHA-512</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-auditd_data_retention_max_log_file_action_ocil:questionnaire:1">
+      <ocil:title>Configure auditd max_log_file_action Upon Reaching Maximum Log Size</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-kernel_config_module_sig_sha512_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-auditd_data_retention_max_log_file_action_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-sshd_allow_only_protocol2_ocil:questionnaire:1">
-      <ocil:title>Allow Only SSH Protocol 2</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-service_ntpd_enabled_ocil:questionnaire:1">
+      <ocil:title>Enable the NTP Daemon</ocil:title>
       <ocil:actions>
-        <ocil:test_action_ref>ocil:ssg-sshd_allow_only_protocol2_action:testaction:1</ocil:test_action_ref>
+        <ocil:test_action_ref>ocil:ssg-service_ntpd_enabled_action:testaction:1</ocil:test_action_ref>
       </ocil:actions>
     </ocil:questionnaire>
-    <ocil:questionnaire id="ocil:ssg-audit_rules_unsuccessful_file_modification_creat_ocil:questionnaire:1">
-      <ocil:title>Record Unsuccessful Access Attempts to Files - creat</ocil:title>
+    <ocil:questionnaire id="ocil:ssg-prefer_64bit_os_ocil:questionnaire:1">
+      <ocil:title>Prefer to use a 64-bit Operating System when supported</ocil:title>
       <ocil:actions>
/usr/share/xml/scap/ssg/content/ssg-ubuntu2004-xccdf.xml differs (XML 1.0 document, ASCII text, with very long lines)
--- old//usr/share/xml/scap/ssg/content/ssg-ubuntu2004-xccdf.xml	2022-07-15 00:00:00.000000000 +0000
+++ new//usr/share/xml/scap/ssg/content/ssg-ubuntu2004-xccdf.xml	2022-07-15 00:00:00.000000000 +0000
@@ -43,19 +43,14 @@
 countries. All other names are registered trademarks or trademarks of their
 respective companies.</xccdf-1.1:rear-matter>
   <cpe-lang:platform-specification>
-    <cpe-lang:platform id="audit">
-      <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:audit"/>
-      </cpe-lang:logical-test>
-    </cpe-lang:platform>
-    <cpe-lang:platform id="pam">
+    <cpe-lang:platform id="uefi">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:pam"/>
+        <cpe-lang:fact-ref name="cpe:/a:uefi"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="sssd">
+    <cpe-lang:platform id="systemd">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+        <cpe-lang:fact-ref name="cpe:/a:systemd"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="grub2">
@@ -63,70 +58,75 @@
         <cpe-lang:fact-ref name="cpe:/a:grub2"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="wifi-iface">
+    <cpe-lang:platform id="aarch64_arch">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
+        <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="aarch64_arch">
+    <cpe-lang:platform id="chrony">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:aarch64_arch"/>
+        <cpe-lang:fact-ref name="cpe:/a:chrony"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="non-uefi">
+    <cpe-lang:platform id="login_defs">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
+        <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="chrony">
+    <cpe-lang:platform id="sssd">
       <cpe-lang:logical-test operator="AND" negate="false">
+        <cpe-lang:fact-ref name="cpe:/a:sssd"/>
+      </cpe-lang:logical-test>
+    </cpe-lang:platform>
+    <cpe-lang:platform id="chrony_or_ntp">
+      <cpe-lang:logical-test operator="OR" negate="false">
         <cpe-lang:fact-ref name="cpe:/a:chrony"/>
+        <cpe-lang:fact-ref name="cpe:/a:ntp"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="postfix">
+    <cpe-lang:platform id="wifi-iface">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:postfix"/>
+        <cpe-lang:fact-ref name="cpe:/a:wifi-iface"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="uefi">
+    <cpe-lang:platform id="postfix">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:uefi"/>
+        <cpe-lang:fact-ref name="cpe:/a:postfix"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="sudo">
+    <cpe-lang:platform id="ntp">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:sudo"/>
+        <cpe-lang:fact-ref name="cpe:/a:ntp"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="machine">
+    <cpe-lang:platform id="pam">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:machine"/>
+        <cpe-lang:fact-ref name="cpe:/a:pam"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="s390x_arch">
+    <cpe-lang:platform id="audit">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
+        <cpe-lang:fact-ref name="cpe:/a:audit"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="chrony_or_ntp">
-      <cpe-lang:logical-test operator="OR" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:chrony"/>
-        <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+    <cpe-lang:platform id="gdm">
+      <cpe-lang:logical-test operator="AND" negate="false">
+        <cpe-lang:fact-ref name="cpe:/a:gdm"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="login_defs">
+    <cpe-lang:platform id="machine">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:login_defs"/>
+        <cpe-lang:fact-ref name="cpe:/a:machine"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="systemd">
+    <cpe-lang:platform id="sudo">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:systemd"/>
+        <cpe-lang:fact-ref name="cpe:/a:sudo"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="ntp">
+    <cpe-lang:platform id="s390x_arch">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:ntp"/>
+        <cpe-lang:fact-ref name="cpe:/a:s390x_arch"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
     <cpe-lang:platform id="not_s390x_arch">
@@ -134,9 +134,9 @@
         <cpe-lang:fact-ref name="cpe:/a:not_s390x_arch"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
-    <cpe-lang:platform id="gdm">
+    <cpe-lang:platform id="non-uefi">
       <cpe-lang:logical-test operator="AND" negate="false">
-        <cpe-lang:fact-ref name="cpe:/a:gdm"/>
+        <cpe-lang:fact-ref name="cpe:/a:non-uefi"/>
       </cpe-lang:logical-test>
     </cpe-lang:platform>
   </cpe-lang:platform-specification>
@@ -2963,11 +2963,6 @@
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
 </xccdf-1.1:fix>
-              <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_aide_installed">
-[[packages]]
-name = "aide"
-version = "*"
-</xccdf-1.1:fix>
               <xccdf-1.1:fix system="urn:xccdf:fix:script:puppet" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_aide
 
 class install_aide {
@@ -2976,6 +2971,11 @@
   }
 }
 </xccdf-1.1:fix>
+              <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_aide_installed">
+[[packages]]
+name = "aide"
+version = "*"
+</xccdf-1.1:fix>
               <xccdf-1.1:fix system="urn:xccdf:fix:script:ansible" id="package_aide_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure aide is installed
   package:
     name: aide
@@ -5090,11 +5090,6 @@
     &gt;&amp;2 echo 'Remediation is not applicable, nothing was done'
 fi
 </xccdf-1.1:fix>
-          <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_sudo_installed">
-[[packages]]
-name = "sudo"
-version = "*"
-</xccdf-1.1:fix>
           <xccdf-1.1:fix system="urn:xccdf:fix:script:puppet" id="package_sudo_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_sudo
 
 class install_sudo {
@@ -5103,6 +5098,11 @@
   }
 }
 </xccdf-1.1:fix>
+          <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_sudo_installed">
+[[packages]]
+name = "sudo"
+version = "*"
+</xccdf-1.1:fix>
           <xccdf-1.1:fix system="urn:xccdf:fix:script:ansible" id="package_sudo_installed" complexity="low" disruption="low" reboot="false" strategy="enable">- name: Ensure sudo is installed
   package:
     name: sudo
@@ -5872,11 +5872,6 @@
           <xccdf-1.1:fix system="urn:xccdf:fix:script:sh" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">
 DEBIAN_FRONTEND=noninteractive apt-get install -y "gnutls-utils"
 </xccdf-1.1:fix>
-          <xccdf-1.1:fix system="urn:redhat:osbuild:blueprint" id="package_gnutls-utils_installed">
-[[packages]]
-name = "gnutls-utils"
-version = "*"
-</xccdf-1.1:fix>
           <xccdf-1.1:fix system="urn:xccdf:fix:script:puppet" id="package_gnutls-utils_installed" complexity="low" disruption="low" reboot="false" strategy="enable">include install_gnutls-utils
 
overalldiffered=4 (number of pkgs that are not bit-by-bit identical: 0 is good)
overall=1